darkcomet | 06525df1ba0a8ef25cedd5e010b062eea40a40c3c9862f51afdbc3b2b23f5a66 | Triage

Submit
Reports

Overview

overview

Static

static

5

06525df1ba...66.exe

windows7-x64

06525df1ba...66.exe

windows10-2004-x64

Sharing

General

Target

06525df1ba0a8ef25cedd5e010b062eea40a40c3c9862f51afdbc3b2b23f5a66
Size

967KB
Sample

221202-w71dmaga3z
MD5

245d2cec5bb0f3cb375028c72ef684f0
SHA1

e4030d976f994697dd482fdae62258b55b0c3eed
SHA256

06525df1ba0a8ef25cedd5e010b062eea40a40c3c9862f51afdbc3b2b23f5a66
SHA512

59658b4db272d15b4680f6546168f72ea34c7125e45fa91b0694443cb020f1fe2fb92e88e01ca545cc2ccb1420aa208fee4019436a3c9c0947a04a8465e04a59
SSDEEP

24576:gRmJkcoQricOIQxiZY1iavReA7pZk0/arYy:VJZoQrbTFZY1iavRtpTcYy

Score

10^/10

darkcomet guest16 rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

06525df1ba0a8ef25cedd5e010b062eea40a40c3c9862f51afdbc3b2b23f5a66.exe

Resource

win7-20221111-en

darkcomet guest16 rat trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

06525df1ba0a8ef25cedd5e010b062eea40a40c3c9862f51afdbc3b2b23f5a66.exe

Resource

win10v2004-20221111-en

darkcomet guest16 rat trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:321

Mutex

DC_MUTEX-R0X7EMW

Attributes

gencode
8wq0x7iUlHMN
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  06525df1ba0a8ef25cedd5e010b062eea40a40c3c9862f51afdbc3b2b23f5a66
- Size
  
  967KB
- MD5
  
  245d2cec5bb0f3cb375028c72ef684f0
- SHA1
  
  e4030d976f994697dd482fdae62258b55b0c3eed
- SHA256
  
  06525df1ba0a8ef25cedd5e010b062eea40a40c3c9862f51afdbc3b2b23f5a66
- SHA512
  
  59658b4db272d15b4680f6546168f72ea34c7125e45fa91b0694443cb020f1fe2fb92e88e01ca545cc2ccb1420aa208fee4019436a3c9c0947a04a8465e04a59
- SSDEEP
  
  24576:gRmJkcoQricOIQxiZY1iavReA7pZk0/arYy:VJZoQrbTFZY1iavRtpTcYy
Score

10^/10

darkcomet guest16 rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojanupx

behavioral2

darkcometguest16rattrojanupx

© 2018-2024

Terms | Privacy