darkcomet | 86c277d8dc9db1a266d0e1bd6532998d29193d566d7c2d43da7619c0a90f412a | Triage

Submit
Reports

Overview

overview

Static

static

86c277d8dc...2a.exe

windows7-x64

86c277d8dc...2a.exe

windows10-2004-x64

Sharing

General

Target

86c277d8dc9db1a266d0e1bd6532998d29193d566d7c2d43da7619c0a90f412a
Size

418KB
Sample

221203-dbm5baca7w
MD5

bf67fdf8fe29e6ec7308291511249a6e
SHA1

b73c218ad338e3e8be83ef51e30c4f510e1d877c
SHA256

86c277d8dc9db1a266d0e1bd6532998d29193d566d7c2d43da7619c0a90f412a
SHA512

11a13d788bdd8f34fd5bf852a090f2e7a96e18805da34d4d7d8ae94fdf494a4ee45601f43ea5fe2ba407c3776f81bb8ededa2a320d2390bf997b61a01ba74364
SSDEEP

12288:dey7BmWevJzUEWTBJ6fJGZ4JQLvISG6Ly1KsoPATVh9F4:dV7BmhzUEWCfJGRLn8Kj

Score

10^/10

darkcomet 1st persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

86c277d8dc9db1a266d0e1bd6532998d29193d566d7c2d43da7619c0a90f412a.exe

Resource

win7-20220812-en

darkcomet 1st persistence rat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

86c277d8dc9db1a266d0e1bd6532998d29193d566d7c2d43da7619c0a90f412a.exe

Resource

win10v2004-20220901-en

darkcomet 1st persistence rat trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

1ST

C2

imohi999.zapto.org:1604

Mutex

DC_MUTEX-6F9QUAU

Attributes

gencode
laeZe1tFmb5q
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  86c277d8dc9db1a266d0e1bd6532998d29193d566d7c2d43da7619c0a90f412a
- Size
  
  418KB
- MD5
  
  bf67fdf8fe29e6ec7308291511249a6e
- SHA1
  
  b73c218ad338e3e8be83ef51e30c4f510e1d877c
- SHA256
  
  86c277d8dc9db1a266d0e1bd6532998d29193d566d7c2d43da7619c0a90f412a
- SHA512
  
  11a13d788bdd8f34fd5bf852a090f2e7a96e18805da34d4d7d8ae94fdf494a4ee45601f43ea5fe2ba407c3776f81bb8ededa2a320d2390bf997b61a01ba74364
- SSDEEP
  
  12288:dey7BmWevJzUEWTBJ6fJGZ4JQLvISG6Ly1KsoPATVh9F4:dV7BmhzUEWCfJGRLn8Kj
Score

10^/10

darkcomet 1st persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcomet1stpersistencerattrojanupx

behavioral2

darkcomet1stpersistencerattrojanupx

© 2018-2024

Terms | Privacy