darkcomet | d2e1476217647ea61bc40f217754ced32825cb6d13bc3d5b18440c3b8cef10cc | Triage

Submit
Reports

Overview

overview

Static

static

d2e1476217...cc.exe

windows7-x64

d2e1476217...cc.exe

windows10-2004-x64

Sharing

General

Target

d2e1476217647ea61bc40f217754ced32825cb6d13bc3d5b18440c3b8cef10cc
Size

726KB
Sample

221201-acyewsgd93
MD5

815834954935b34a2d96f0249a8b4aca
SHA1

b01e3b78e8ea504a80420994cdd25b644d031bc2
SHA256

d2e1476217647ea61bc40f217754ced32825cb6d13bc3d5b18440c3b8cef10cc
SHA512

532882f306b2873b640c8236b283a705e5608d71ac7ef698a17c958702a86672cd43f22cbbd073140bd12b143c9fa231de45e0c246d741b383bde6b1bffb71a3
SSDEEP

12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLd9EkgC/hl0qeK3L:qZ1xuVVjfFoynPaVBUR8f+kN1PEWwzKb

Score

10^/10

darkcomet sality guest16 backdoor evasion rat trojan upx

Static task

static1

guest16 darkcomet

1 signatures

Behavioral task

behavioral1

Sample

d2e1476217647ea61bc40f217754ced32825cb6d13bc3d5b18440c3b8cef10cc.exe

Resource

win7-20221111-en

darkcomet sality guest16 backdoor evasion rat trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

d2e1476217647ea61bc40f217754ced32825cb6d13bc3d5b18440c3b8cef10cc.exe

Resource

win10v2004-20220812-en

darkcomet sality guest16 backdoor evasion rat trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:81

Mutex

DC_MUTEX-43TZZGV

Attributes

gencode
k2ztQXlXVuZa
install
false
offline_keylogger
true
persistence
false

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Targets

- Target
  
  d2e1476217647ea61bc40f217754ced32825cb6d13bc3d5b18440c3b8cef10cc
- Size
  
  726KB
- MD5
  
  815834954935b34a2d96f0249a8b4aca
- SHA1
  
  b01e3b78e8ea504a80420994cdd25b644d031bc2
- SHA256
  
  d2e1476217647ea61bc40f217754ced32825cb6d13bc3d5b18440c3b8cef10cc
- SHA512
  
  532882f306b2873b640c8236b283a705e5608d71ac7ef698a17c958702a86672cd43f22cbbd073140bd12b143c9fa231de45e0c246d741b383bde6b1bffb71a3
- SSDEEP
  
  12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLd9EkgC/hl0qeK3L:qZ1xuVVjfFoynPaVBUR8f+kN1PEWwzKb
Score

10^/10

darkcomet sality guest16 backdoor evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometsalityguest16backdoorevasionrattrojanupx

behavioral2

darkcometsalityguest16backdoorevasionrattrojanupx

© 2018-2024

Terms | Privacy