darkcomet | 8c97df2ada1b9b229bbeaddf77a8d3e9d5e6033f596230f4354be4fd6dda833c | Triage

Submit
Reports

Overview

overview

Static

static

8c97df2ada...3c.exe

windows7-x64

8c97df2ada...3c.exe

windows10-2004-x64

Sharing

General

Target

8c97df2ada1b9b229bbeaddf77a8d3e9d5e6033f596230f4354be4fd6dda833c
Size

535KB
Sample

221201-bh5xlabb97
MD5

93d9b292cd63f1ea011ef3b4febf1306
SHA1

f8ca7a07711f31721c10e815e56d5481aae2649f
SHA256

8c97df2ada1b9b229bbeaddf77a8d3e9d5e6033f596230f4354be4fd6dda833c
SHA512

ccc5a72f7ef4d2899111064eba2305469d65ef5b67f88b667ac1b6f32dfd0eca2458e02059b761a4df26bcca2db49a357cd0b9919747e7553da6d60bddd70f82
SSDEEP

12288:Lvl9eg1DTCchbfP5u97nK84KrJJKlHqVPZyf9QQnahxJCPTbE672l:zlwEThuTeKz/QTV

Score

10^/10

darkcomet evasion persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

8c97df2ada1b9b229bbeaddf77a8d3e9d5e6033f596230f4354be4fd6dda833c.exe

Resource

win7-20220812-en

darkcomet evasion persistence rat trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

8c97df2ada1b9b229bbeaddf77a8d3e9d5e6033f596230f4354be4fd6dda833c.exe

Resource

win10v2004-20220812-en

darkcomet evasion persistence rat trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  8c97df2ada1b9b229bbeaddf77a8d3e9d5e6033f596230f4354be4fd6dda833c
- Size
  
  535KB
- MD5
  
  93d9b292cd63f1ea011ef3b4febf1306
- SHA1
  
  f8ca7a07711f31721c10e815e56d5481aae2649f
- SHA256
  
  8c97df2ada1b9b229bbeaddf77a8d3e9d5e6033f596230f4354be4fd6dda833c
- SHA512
  
  ccc5a72f7ef4d2899111064eba2305469d65ef5b67f88b667ac1b6f32dfd0eca2458e02059b761a4df26bcca2db49a357cd0b9919747e7553da6d60bddd70f82
- SSDEEP
  
  12288:Lvl9eg1DTCchbfP5u97nK84KrJJKlHqVPZyf9QQnahxJCPTbE672l:zlwEThuTeKz/QTV
Score

10^/10

darkcomet evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojanupx

behavioral2

darkcometevasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy