darkcomet | 463d5d683ca55e95f8701d36543d6208fae366e065bc71fe663351450a4f8c24 | Triage

Submit
Reports

Overview

overview

Static

static

Doge-Miner203.exe

windows7-x64

Doge-Miner203.exe

windows10-2004-x64

Resubmissions

27-01-2023 19:10

230127-xvglescg25 10

27-01-2023 17:57

230127-wjv41adg9z 10

27-01-2023 17:47

230127-wcvjwsdg7x 10

Sharing

General

Target

Doge-Miner203.exe
Size

6.1MB
Sample

230127-wjv41adg9z
MD5

d7e6fd264bc937e3646de58e551a29db
SHA1

1db4664777b17e004f71cee4002f9ccc430413e4
SHA256

463d5d683ca55e95f8701d36543d6208fae366e065bc71fe663351450a4f8c24
SHA512

cc133bd0599c0a994c65c2ddc047dd7bec3d4032201feba63ac8f4a35582a31f2eed5d3bfe385fefda7e76d3e95415b1ccf1923a9b74a1792dc36c8f7caee837
SSDEEP

98304:tGFp32YKbG4vUdQUbSZ/I2jeYXyxd4494Wc9f:tEMbqQ5Z/pjVifXuT

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Doge-Miner203.exe

Resource

win7-20221111-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Doge-Miner203.exe

Resource

win10v2004-20220812-en

darkcomet persistence rat trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  Doge-Miner203.exe
- Size
  
  6.1MB
- MD5
  
  d7e6fd264bc937e3646de58e551a29db
- SHA1
  
  1db4664777b17e004f71cee4002f9ccc430413e4
- SHA256
  
  463d5d683ca55e95f8701d36543d6208fae366e065bc71fe663351450a4f8c24
- SHA512
  
  cc133bd0599c0a994c65c2ddc047dd7bec3d4032201feba63ac8f4a35582a31f2eed5d3bfe385fefda7e76d3e95415b1ccf1923a9b74a1792dc36c8f7caee837
- SSDEEP
  
  98304:tGFp32YKbG4vUdQUbSZ/I2jeYXyxd4494Wc9f:tEMbqQ5Z/pjVifXuT
Score

10^/10

persistence darkcomet rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkcometpersistencerattrojanupx

© 2018-2024

Terms | Privacy