darkcomet | e8f17fe148aacdc799ff3e3ae535c48b391b37e14d739e375793da1d50a1454f | Triage

Submit
Reports

Overview

overview

Static

static

e8f17fe148...4f.exe

windows7-x64

e8f17fe148...4f.exe

windows10-2004-x64

Sharing

General

Target

e8f17fe148aacdc799ff3e3ae535c48b391b37e14d739e375793da1d50a1454f
Size

291KB
Sample

221203-dtmlhadf2y
MD5

fdd2c8263c374973bc7cb9f0602b04ba
SHA1

8cc09844a1116b7f09d09160ae0743fbf2b39e35
SHA256

e8f17fe148aacdc799ff3e3ae535c48b391b37e14d739e375793da1d50a1454f
SHA512

a8faa425ac72dd205e1fa1aeb6c650e724e57469695b1b87679ea735c6e59096712580516f82b0681337e4eeec2cc0067018d85a6175b2cee943ee91299a2cb5
SSDEEP

6144:A2ckdGiHBX6ZZ7jdObvG4MbT5/x8utNK:HtnHBqZZAbPMP551NK

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

e8f17fe148aacdc799ff3e3ae535c48b391b37e14d739e375793da1d50a1454f.exe

Resource

win7-20220812-en

darkcomet persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e8f17fe148aacdc799ff3e3ae535c48b391b37e14d739e375793da1d50a1454f.exe

Resource

win10v2004-20220812-en

darkcomet persistence rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  e8f17fe148aacdc799ff3e3ae535c48b391b37e14d739e375793da1d50a1454f
- Size
  
  291KB
- MD5
  
  fdd2c8263c374973bc7cb9f0602b04ba
- SHA1
  
  8cc09844a1116b7f09d09160ae0743fbf2b39e35
- SHA256
  
  e8f17fe148aacdc799ff3e3ae535c48b391b37e14d739e375793da1d50a1454f
- SHA512
  
  a8faa425ac72dd205e1fa1aeb6c650e724e57469695b1b87679ea735c6e59096712580516f82b0681337e4eeec2cc0067018d85a6175b2cee943ee91299a2cb5
- SSDEEP
  
  6144:A2ckdGiHBX6ZZ7jdObvG4MbT5/x8utNK:HtnHBqZZAbPMP551NK
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

darkcometpersistencerattrojanupx

© 2018-2024

Terms | Privacy