darkcomet | 7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93 | Triage

Submit
Reports

Overview

overview

Static

static

7487b0bf31...93.exe

windows7-x64

7487b0bf31...93.exe

windows10-2004-x64

Sharing

General

Target

7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93
Size

328KB
Sample

221126-qz6b1sgd44
MD5

5a6770a663b5125240a78424db7a74f2
SHA1

b3f3615b2e3c7b04fa904ce893644b9de65f9395
SHA256

7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93
SHA512

58bfc1a02760d14ac63e4a9c8a06430a1a2adca1608fba10d8be59e34db03e51cf8ebbb6b7e016fd932506af7246da501b5ea0a1f6ab4e6aa78b32ad106aa5ad
SSDEEP

6144:umYnW1JAtWAwM0bWQLM0D0B+Gs4Jc+UO5EBGprbDGwBuUPN:KW1JuWm0bRw+NTO5JRPGwBrV

Score

10^/10

darkcomet backup persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93.exe

Resource

win7-20221111-en

darkcomet backup persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93.exe

Resource

win10v2004-20220812-en

darkcomet backup persistence rat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

BackUp

C2

185.17.1.54:9002

Mutex

WindowsBackUpMgr

Attributes

gencode
VzVqX1p6FUzg
install
false
offline_keylogger
true
password
redblood1
persistence
false

Targets

- Target
  
  7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93
- Size
  
  328KB
- MD5
  
  5a6770a663b5125240a78424db7a74f2
- SHA1
  
  b3f3615b2e3c7b04fa904ce893644b9de65f9395
- SHA256
  
  7487b0bf31ecec6248a41d78cd00d1f4e4b5f6e778b363f0d798fe2e654f1f93
- SHA512
  
  58bfc1a02760d14ac63e4a9c8a06430a1a2adca1608fba10d8be59e34db03e51cf8ebbb6b7e016fd932506af7246da501b5ea0a1f6ab4e6aa78b32ad106aa5ad
- SSDEEP
  
  6144:umYnW1JAtWAwM0bWQLM0D0B+Gs4Jc+UO5EBGprbDGwBuUPN:KW1JuWm0bRw+NTO5JRPGwBrV
Score

10^/10

darkcomet backup persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometbackuppersistencerattrojanupx

behavioral2

darkcometbackuppersistencerattrojanupx

© 2018-2024

Terms | Privacy