darkcomet | efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6

Analysis

max time kernel
158s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Size

756KB
MD5

61109a5154ff42d0ea13218c8a445db5
SHA1

e183e30af4bcbaa83a06d1e6b8edf3feb5e04524
SHA256

efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6
SHA512

c416de5946b86dc0988192e378db4ed635a98bda479d1d00214b5e814b5b58be843de40afe97b48d2b2ea62f182fc20d4a71ccb065f48db05b675b1c49c9570c
SSDEEP

12288:v9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hmKlKebJ4:ZZ1xuVVjfFoynPaVBUR8f+kN10EB4hv

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 24 IoCs

Processes:

efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeSecurityPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeTakeOwnershipPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeLoadDriverPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeSystemProfilePrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeSystemtimePrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeProfSingleProcessPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeIncBasePriorityPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeCreatePagefilePrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeBackupPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeRestorePrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeShutdownPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeDebugPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeSystemEnvironmentPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeChangeNotifyPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeRemoteShutdownPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeUndockPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeManageVolumePrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeImpersonatePrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: SeCreateGlobalPrivilege	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: 33	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: 34	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: 35	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
Token: 36	2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe

pid process

2068 efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe

pid	process
2068	efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe

C:\Users\Admin\AppData\Local\Temp\efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe
"C:\Users\Admin\AppData\Local\Temp\efa5d268afc29d36341f62507ed86aa830452b329d75cb0f70d55c55165c06f6.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2068

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads