darkcomet | 601ad03ceea7d536b33d7f8415e01a26f4046e2c9fd0c3c510beb55463f78fc1 | Triage

Submit
Reports

Overview

overview

Static

static

601ad03cee...c1.exe

windows7-x64

601ad03cee...c1.exe

windows10-2004-x64

Sharing

General

Target

601ad03ceea7d536b33d7f8415e01a26f4046e2c9fd0c3c510beb55463f78fc1
Size

375KB
Sample

221130-3z21taga85
MD5

657b79ef025b2ed1c70fb8aefeda1df6
SHA1

ceb60d07ae73c6cbb9de4b0e7185aaae763d5b7c
SHA256

601ad03ceea7d536b33d7f8415e01a26f4046e2c9fd0c3c510beb55463f78fc1
SHA512

0bd736e0510ea4daab6394f9e445d2fc9f5f49aca1be3381968f725c84e8702228b9b08dbd49780f307d020cf845e12d47c6a51c778917c6c5e25bb5a666a91e
SSDEEP

6144:5BQte3EQXklI4BtF37lR7+8PXX6agEtzJvK1+7W8OuUGgBU0Z2iw:5BQteFXmDtF3pR7PX6aFtzr7NOu4vov

Score

10^/10

darkcomet victem evasion persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

601ad03ceea7d536b33d7f8415e01a26f4046e2c9fd0c3c510beb55463f78fc1.exe

Resource

win7-20220812-en

darkcomet victem evasion persistence rat trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

601ad03ceea7d536b33d7f8415e01a26f4046e2c9fd0c3c510beb55463f78fc1.exe

Resource

win10v2004-20220812-en

darkcomet victem evasion persistence rat trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

victem

C2

nothanks.no-ip.org:1604

Mutex

DC_MUTEX-B5AZ2X3

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
XDbFNVHYNmmR
install
true
offline_keylogger
true
password
123
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  601ad03ceea7d536b33d7f8415e01a26f4046e2c9fd0c3c510beb55463f78fc1
- Size
  
  375KB
- MD5
  
  657b79ef025b2ed1c70fb8aefeda1df6
- SHA1
  
  ceb60d07ae73c6cbb9de4b0e7185aaae763d5b7c
- SHA256
  
  601ad03ceea7d536b33d7f8415e01a26f4046e2c9fd0c3c510beb55463f78fc1
- SHA512
  
  0bd736e0510ea4daab6394f9e445d2fc9f5f49aca1be3381968f725c84e8702228b9b08dbd49780f307d020cf845e12d47c6a51c778917c6c5e25bb5a666a91e
- SSDEEP
  
  6144:5BQte3EQXklI4BtF37lR7+8PXX6agEtzJvK1+7W8OuUGgBU0Z2iw:5BQteFXmDtF3pR7PX6aFtzr7NOu4vov
Score

10^/10

darkcomet victem evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometvictemevasionpersistencerattrojanupx

behavioral2

darkcometvictemevasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy