darkcomet | cc60c9a37983de8493deb44fb38b0305fd34424ab9458d44c4943e630644cb6b | Triage

Submit
Reports

Overview

overview

Static

static

cc60c9a379...6b.exe

windows7-x64

cc60c9a379...6b.exe

windows10-2004-x64

Sharing

General

Target

cc60c9a37983de8493deb44fb38b0305fd34424ab9458d44c4943e630644cb6b
Size

523KB
Sample

221128-qhrsasbb2t
MD5

800ca0111f78614aea28ab810b89d5a6
SHA1

26d1019db4e7a9ed22e1129844fece28d5115ff7
SHA256

cc60c9a37983de8493deb44fb38b0305fd34424ab9458d44c4943e630644cb6b
SHA512

594342e9dd15a3d4b48c6af149f4c9af232064d285b333d90184df23383e75f7f6cb31da30a6d5c30f4692ca7045071ef2f0f13bcb3b3d25ed684756bfe52f42
SSDEEP

12288:AwHqB6cDKHO6YQ88sQYDELSgmCNZ+Jh5egpKbpaNNk3J94HKCtGzBgSBy:/EH6YQ8PwhZ+JhrUbpis8HKCtGzB

Score

10^/10

darkcomet youtube persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

cc60c9a37983de8493deb44fb38b0305fd34424ab9458d44c4943e630644cb6b.exe

Resource

win7-20221111-en

darkcomet youtube persistence rat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

cc60c9a37983de8493deb44fb38b0305fd34424ab9458d44c4943e630644cb6b.exe

Resource

win10v2004-20221111-en

darkcomet youtube persistence rat trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

YOUTUBE

C2

192.99.137.90:1604

Mutex

DC_MUTEX-JMCL4CE

Attributes

gencode
BC5wo4XY20uA
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  cc60c9a37983de8493deb44fb38b0305fd34424ab9458d44c4943e630644cb6b
- Size
  
  523KB
- MD5
  
  800ca0111f78614aea28ab810b89d5a6
- SHA1
  
  26d1019db4e7a9ed22e1129844fece28d5115ff7
- SHA256
  
  cc60c9a37983de8493deb44fb38b0305fd34424ab9458d44c4943e630644cb6b
- SHA512
  
  594342e9dd15a3d4b48c6af149f4c9af232064d285b333d90184df23383e75f7f6cb31da30a6d5c30f4692ca7045071ef2f0f13bcb3b3d25ed684756bfe52f42
- SSDEEP
  
  12288:AwHqB6cDKHO6YQ88sQYDELSgmCNZ+Jh5egpKbpaNNk3J94HKCtGzBgSBy:/EH6YQ8PwhZ+JhrUbpis8HKCtGzB
Score

10^/10

darkcomet youtube persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometyoutubepersistencerattrojanupx

behavioral2

darkcometyoutubepersistencerattrojanupx

© 2018-2024

Terms | Privacy