darkcomet | c4a3eb0612d558ec941be28a8a4b7734a822c5659db9f840a57567a971ffc500 | Triage

Submit
Reports

Overview

overview

Static

static

c4a3eb0612...00.exe

windows7-x64

c4a3eb0612...00.exe

windows10-2004-x64

Sharing

General

Target

c4a3eb0612d558ec941be28a8a4b7734a822c5659db9f840a57567a971ffc500
Size

347KB
Sample

221204-v8trssbd53
MD5

eefcea17c245d722fcfe515970a99b24
SHA1

100f1fa0224e1ae4b79fb661e29a7b22cf0e47fa
SHA256

c4a3eb0612d558ec941be28a8a4b7734a822c5659db9f840a57567a971ffc500
SHA512

23c08bc35f8e3c6e28173f0e6eadabe11638e40c3ec68ef0a6448a70739d340d29a3c3b75f887ed7aa807cfe40cc78b34c1f040fffa51cea87ba14553d4e08bb
SSDEEP

6144:CUPCHaSrGCFGMQZhKYWqdRBYn58JOBGmtMCANkRfX90OO1+JC5mfT4Neu:G62GiGMBHqhYOJONtMCesfXlKXk7A

Score

10^/10

darkcomet 13.07.12 crypter persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c4a3eb0612d558ec941be28a8a4b7734a822c5659db9f840a57567a971ffc500.exe

Resource

win7-20220812-en

darkcomet 13.07.12 crypter persistence rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

c4a3eb0612d558ec941be28a8a4b7734a822c5659db9f840a57567a971ffc500.exe

Resource

win10v2004-20220812-en

darkcomet 13.07.12 crypter persistence rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

13.07.12 Crypter

C2

leetaka1337.no-ip.org:1604

Mutex

DC_MUTEX-JFX5RP1

Attributes

InstallPath
MSDCSC\winhost.exe
gencode
lCnq6VNbar2M
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  c4a3eb0612d558ec941be28a8a4b7734a822c5659db9f840a57567a971ffc500
- Size
  
  347KB
- MD5
  
  eefcea17c245d722fcfe515970a99b24
- SHA1
  
  100f1fa0224e1ae4b79fb661e29a7b22cf0e47fa
- SHA256
  
  c4a3eb0612d558ec941be28a8a4b7734a822c5659db9f840a57567a971ffc500
- SHA512
  
  23c08bc35f8e3c6e28173f0e6eadabe11638e40c3ec68ef0a6448a70739d340d29a3c3b75f887ed7aa807cfe40cc78b34c1f040fffa51cea87ba14553d4e08bb
- SSDEEP
  
  6144:CUPCHaSrGCFGMQZhKYWqdRBYn58JOBGmtMCANkRfX90OO1+JC5mfT4Neu:G62GiGMBHqhYOJONtMCesfXlKXk7A
Score

10^/10

darkcomet 13.07.12 crypter persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcomet13.07.12 crypterpersistencerattrojanupx

behavioral2

darkcomet13.07.12 crypterpersistencerattrojanupx

© 2018-2024

Terms | Privacy