darkcomet | 4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b | Triage

Submit
Reports

Overview

overview

Static

static

5

4eb72e48cf...3b.exe

windows7-x64

4eb72e48cf...3b.exe

windows10-2004-x64

Sharing

General

Target

4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b
Size

922KB
Sample

221206-2vkejaee7v
MD5

012318a76ded2c3f07bc87951161e230
SHA1

36b461903b381fd4c9d411dd9ba2de6f447f0c02
SHA256

4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b
SHA512

7335849867e421fdf1ea669faeb36e6cbfe43eea369fbb494254634557c2a8c62dcc8e1d209d3b7ee7aa978b2aac2ec9bc7caab61bb290ab421d128fcf78f40c
SSDEEP

24576:FRmJkcoQricOIQxiZY1/a3c9gEsKvNyG/dT:KJZoQrbTFZY1/aMfvzFT

Score

10^/10

darkcomet zombie persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b.exe

Resource

win7-20220812-en

darkcomet zombie persistence rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b.exe

Resource

win10v2004-20221111-en

darkcomet zombie persistence rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Zombie

C2

crypto.zapto.org:10000

Mutex

DC_MUTEX-17A0K8Q

Attributes

gencode
d1zglQGL3Wry
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b
- Size
  
  922KB
- MD5
  
  012318a76ded2c3f07bc87951161e230
- SHA1
  
  36b461903b381fd4c9d411dd9ba2de6f447f0c02
- SHA256
  
  4eb72e48cfb33c9acef07a2e751778c015017c596c853c457480fc4789ace93b
- SHA512
  
  7335849867e421fdf1ea669faeb36e6cbfe43eea369fbb494254634557c2a8c62dcc8e1d209d3b7ee7aa978b2aac2ec9bc7caab61bb290ab421d128fcf78f40c
- SSDEEP
  
  24576:FRmJkcoQricOIQxiZY1/a3c9gEsKvNyG/dT:KJZoQrbTFZY1/aMfvzFT
Score

10^/10

darkcomet zombie persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometzombiepersistencerattrojan

behavioral2

darkcometzombiepersistencerattrojan

© 2018-2024

Terms | Privacy