darkcomet | ad98ea7ea754fe71ec141da0be9aa3acce82fed3716c23f0d13e157e31cb3afa | Triage

Submit
Reports

Overview

overview

Static

static

8

ad98ea7ea7...fa.exe

windows7-x64

ad98ea7ea7...fa.exe

windows10-2004-x64

Sharing

General

Target

ad98ea7ea754fe71ec141da0be9aa3acce82fed3716c23f0d13e157e31cb3afa
Size

1011KB
Sample

221202-s1784sbb53
MD5

1e2ada60e9fe12be9159c1001b216bc0
SHA1

bb800be2c4ed227f70b9375a4e2121d748b934be
SHA256

ad98ea7ea754fe71ec141da0be9aa3acce82fed3716c23f0d13e157e31cb3afa
SHA512

f68ef9c0e2f39b5914385524b18fd18dcacf3dfa57babbd4b4bd3292c5e9e26df978bc21730428709ca9b2e7a2c7d39f9cd27537d4e00893f7fec84d88ed2904
SSDEEP

24576:dthEVaPqL5+4bblJFS1HIHpRhechqUwzdXcBi:FEVUcw4bblJFGH0RhizdMBi

Score

10^/10

darkcomet guest16 rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ad98ea7ea754fe71ec141da0be9aa3acce82fed3716c23f0d13e157e31cb3afa.exe

Resource

win7-20220812-en

darkcomet guest16 rat trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ad98ea7ea754fe71ec141da0be9aa3acce82fed3716c23f0d13e157e31cb3afa.exe

Resource

win10v2004-20221111-en

darkcomet guest16 rat trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

hihi.no-ip.org:1604

Mutex

DC_MUTEX-T082D78

Attributes

gencode
XsTjKMsagH0e
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  ad98ea7ea754fe71ec141da0be9aa3acce82fed3716c23f0d13e157e31cb3afa
- Size
  
  1011KB
- MD5
  
  1e2ada60e9fe12be9159c1001b216bc0
- SHA1
  
  bb800be2c4ed227f70b9375a4e2121d748b934be
- SHA256
  
  ad98ea7ea754fe71ec141da0be9aa3acce82fed3716c23f0d13e157e31cb3afa
- SHA512
  
  f68ef9c0e2f39b5914385524b18fd18dcacf3dfa57babbd4b4bd3292c5e9e26df978bc21730428709ca9b2e7a2c7d39f9cd27537d4e00893f7fec84d88ed2904
- SSDEEP
  
  24576:dthEVaPqL5+4bblJFS1HIHpRhechqUwzdXcBi:FEVUcw4bblJFGH0RhizdMBi
Score

10^/10

darkcomet guest16 rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojanupx

behavioral2

darkcometguest16rattrojanupx

© 2018-2024

Terms | Privacy