darkcomet | c52abb32db94605646393bb19038b26915e5e946965fbef23df8bb12fa95b4b6 | Triage

Submit
Reports

Overview

overview

Static

static

c52abb32db...b6.exe

windows7-x64

c52abb32db...b6.exe

windows10-2004-x64

Sharing

General

Target

c52abb32db94605646393bb19038b26915e5e946965fbef23df8bb12fa95b4b6
Size

384KB
Sample

221203-ca921sha3x
MD5

fd1db0659e64c6c253a6f6b6ef624151
SHA1

d3004a293774e76624155f2e0751d2abc3a64885
SHA256

c52abb32db94605646393bb19038b26915e5e946965fbef23df8bb12fa95b4b6
SHA512

3650e7647eb478678cd459c5442223a4703f6ec7fe4a37bc644afe18821588dde06b36e488c07c718bd20f179c6937cb705343f903598ec3167bbe86248c5905
SSDEEP

6144:Hlb6SDOiIN4o2cOMayarS0IjX7n6wXmzbBFXoNWfi:H0Siiu2cOMayaZerXXmhFXPa

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c52abb32db94605646393bb19038b26915e5e946965fbef23df8bb12fa95b4b6.exe

Resource

win7-20220901-en

darkcomet persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

c52abb32db94605646393bb19038b26915e5e946965fbef23df8bb12fa95b4b6.exe

Resource

win10v2004-20221111-en

darkcomet persistence rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  c52abb32db94605646393bb19038b26915e5e946965fbef23df8bb12fa95b4b6
- Size
  
  384KB
- MD5
  
  fd1db0659e64c6c253a6f6b6ef624151
- SHA1
  
  d3004a293774e76624155f2e0751d2abc3a64885
- SHA256
  
  c52abb32db94605646393bb19038b26915e5e946965fbef23df8bb12fa95b4b6
- SHA512
  
  3650e7647eb478678cd459c5442223a4703f6ec7fe4a37bc644afe18821588dde06b36e488c07c718bd20f179c6937cb705343f903598ec3167bbe86248c5905
- SSDEEP
  
  6144:Hlb6SDOiIN4o2cOMayarS0IjX7n6wXmzbBFXoNWfi:H0Siiu2cOMayaZerXXmhFXPa
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

darkcometpersistencerattrojanupx

© 2018-2024

Terms | Privacy