darkcomet | 4099671382740bc5a0c974d9f35bfde03aaced3db3ea0dc7789e4531ade1112f | Triage

Submit
Reports

Overview

overview

Static

static

3

31534e5de2...ac.exe

windows7-x64

31534e5de2...ac.exe

windows10-2004-x64

Sharing

General

Target

31534e5de27973d6a6360dd8c647dbac
Size

520KB
Sample

231219-ql2fxaefe9
MD5

31534e5de27973d6a6360dd8c647dbac
SHA1

789619ffe154ba762485de7ad5fafba20146b3d9
SHA256

4099671382740bc5a0c974d9f35bfde03aaced3db3ea0dc7789e4531ade1112f
SHA512

62c0fabb29b3182d0e56a876c5d11a89bbf7d0e1f5bd7412587f7261d05772592152598464be3340d498247d777c0e38c06d038a69ccb120f3fc2f9c94773cae
SSDEEP

6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbD:f9fC3hh29Ya77A90aFtDfT5IMbD

Score

10^/10

darkcomet privateeye rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

31534e5de27973d6a6360dd8c647dbac.exe

Resource

win7-20231201-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

31534e5de27973d6a6360dd8c647dbac.exe

Resource

win10v2004-20231215-en

darkcomet privateeye rat trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

PrivateEye

C2

ratblackshades.no-ip.biz:1604

Mutex

DC_MUTEX-ACC1R98

Attributes

gencode
8GG5LVVGljSF
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  31534e5de27973d6a6360dd8c647dbac
- Size
  
  520KB
- MD5
  
  31534e5de27973d6a6360dd8c647dbac
- SHA1
  
  789619ffe154ba762485de7ad5fafba20146b3d9
- SHA256
  
  4099671382740bc5a0c974d9f35bfde03aaced3db3ea0dc7789e4531ade1112f
- SHA512
  
  62c0fabb29b3182d0e56a876c5d11a89bbf7d0e1f5bd7412587f7261d05772592152598464be3340d498247d777c0e38c06d038a69ccb120f3fc2f9c94773cae
- SSDEEP
  
  6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbD:f9fC3hh29Ya77A90aFtDfT5IMbD
Score

10^/10

darkcomet privateeye rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

darkcometprivateeyerattrojanupx

© 2018-2024

Terms | Privacy