darkcomet | cc6a4024deaf0dfe208fdd40e7280ded9927436b69b0ef81f478d4662818b840 | Triage

Submit
Reports

Overview

overview

Static

static

cc6a4024de...40.exe

windows7-x64

cc6a4024de...40.exe

windows10-2004-x64

1

Sharing

General

Target

cc6a4024deaf0dfe208fdd40e7280ded9927436b69b0ef81f478d4662818b840
Size

543KB
Sample

221203-fd3nwsac8w
MD5

96c7d1e48dc8c187d14614fcfcc4539f
SHA1

bb561c67ec5e79391986661244d5ea295576c2cd
SHA256

cc6a4024deaf0dfe208fdd40e7280ded9927436b69b0ef81f478d4662818b840
SHA512

442c3c40cfec89bb5b2761e6caf566a61355e3c96954fde1aa7b46b36b382f93d0a17056129c844d126de5023acabf475b0457ef56e8ceb473de41a1d74f8a1d
SSDEEP

12288:cXEA70jUjmjPqVK+fACmOrOhJjSwf5Y+lAsMn:NVjPML4CmOrOuo5DAs

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

cc6a4024deaf0dfe208fdd40e7280ded9927436b69b0ef81f478d4662818b840.exe

Resource

win7-20220812-en

darkcomet persistence rat trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

cc6a4024deaf0dfe208fdd40e7280ded9927436b69b0ef81f478d4662818b840.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  cc6a4024deaf0dfe208fdd40e7280ded9927436b69b0ef81f478d4662818b840
- Size
  
  543KB
- MD5
  
  96c7d1e48dc8c187d14614fcfcc4539f
- SHA1
  
  bb561c67ec5e79391986661244d5ea295576c2cd
- SHA256
  
  cc6a4024deaf0dfe208fdd40e7280ded9927436b69b0ef81f478d4662818b840
- SHA512
  
  442c3c40cfec89bb5b2761e6caf566a61355e3c96954fde1aa7b46b36b382f93d0a17056129c844d126de5023acabf475b0457ef56e8ceb473de41a1d74f8a1d
- SSDEEP
  
  12288:cXEA70jUjmjPqVK+fACmOrOhJjSwf5Y+lAsMn:NVjPML4CmOrOuo5DAs
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

© 2018-2024

Terms | Privacy