darkcomet | 038d46f8398cdc25d00a9a57990a09c6df0c20650b4e210bbed8a0ffedffd248 | Triage

Submit
Reports

Overview

overview

Static

static

038d46f839...48.exe

windows7-x64

038d46f839...48.exe

windows10-2004-x64

Sharing

General

Target

038d46f8398cdc25d00a9a57990a09c6df0c20650b4e210bbed8a0ffedffd248
Size

412KB
Sample

221130-yea95sce5x
MD5

9ea2d87a3240b1ed3572b09b6ea82184
SHA1

2f4693f094e2599c81b44db02c55febbfcb8c6c6
SHA256

038d46f8398cdc25d00a9a57990a09c6df0c20650b4e210bbed8a0ffedffd248
SHA512

9263a6e2db965d8b338de80acb612aa586df67d3df4e7571b460ea87dcfefe2a0c73e84176b9f7c7a316674e6567084e37d6fec242aa17f1e991d0c1b5168b6f
SSDEEP

6144:8EI/ei9bDWdzQC5idKSEuFgnHqn330Gf26Wgtlp8Epf2eChBjGp:TIWiDWf5iFd3rTptlVpu5BjG

Score

10^/10

darkcomet fox persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

038d46f8398cdc25d00a9a57990a09c6df0c20650b4e210bbed8a0ffedffd248.exe

Resource

win7-20220901-en

darkcomet fox persistence rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

038d46f8398cdc25d00a9a57990a09c6df0c20650b4e210bbed8a0ffedffd248.exe

Resource

win10v2004-20221111-en

darkcomet fox persistence rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

FOX

C2

victima.no-ip.org:1604

Mutex

DC_MUTEX-CDCTEU8

Attributes

gencode
vgaa5pRq69ks
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  038d46f8398cdc25d00a9a57990a09c6df0c20650b4e210bbed8a0ffedffd248
- Size
  
  412KB
- MD5
  
  9ea2d87a3240b1ed3572b09b6ea82184
- SHA1
  
  2f4693f094e2599c81b44db02c55febbfcb8c6c6
- SHA256
  
  038d46f8398cdc25d00a9a57990a09c6df0c20650b4e210bbed8a0ffedffd248
- SHA512
  
  9263a6e2db965d8b338de80acb612aa586df67d3df4e7571b460ea87dcfefe2a0c73e84176b9f7c7a316674e6567084e37d6fec242aa17f1e991d0c1b5168b6f
- SSDEEP
  
  6144:8EI/ei9bDWdzQC5idKSEuFgnHqn330Gf26Wgtlp8Epf2eChBjGp:TIWiDWf5iFd3rTptlVpu5BjG
Score

10^/10

darkcomet fox persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometfoxpersistencerattrojanupx

behavioral2

darkcometfoxpersistencerattrojanupx

© 2018-2024

Terms | Privacy