darkcomet | 0147deb63002dc73cf7b0c5b6fb705b2b600c5dd8d07891fde7e701eee8883fc | Triage

Submit
Reports

Overview

overview

Static

static

3

0daf180fe0...b4.exe

windows7-x64

0daf180fe0...b4.exe

windows10-2004-x64

7

Sharing

General

Target

0daf180fe03e8e5ff0cbe6e3478a0db4
Size

520KB
Sample

231230-ejx5xsbaf3
MD5

0daf180fe03e8e5ff0cbe6e3478a0db4
SHA1

494b289001d136fa9f3d0821099d5fe2c25dc025
SHA256

0147deb63002dc73cf7b0c5b6fb705b2b600c5dd8d07891fde7e701eee8883fc
SHA512

c367b8debe6e16f0ac5e608af5442c6bb22aa38e9207ddb0e0c0ce46c743d3aa7598010785287a58aaf04b9d7b2c72166342d9e1000711a364c56d2d272c7a9e
SSDEEP

6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMb5:f9fC3hh29Ya77A90aFtDfT5IMb5

Score

10^/10

darkcomet privateeye rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0daf180fe03e8e5ff0cbe6e3478a0db4.exe

Resource

win7-20231215-en

darkcomet privateeye rat trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0daf180fe03e8e5ff0cbe6e3478a0db4.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

PrivateEye

C2

ratblackshades.no-ip.biz:1604

Mutex

DC_MUTEX-ACC1R98

Attributes

gencode
8GG5LVVGljSF
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  0daf180fe03e8e5ff0cbe6e3478a0db4
- Size
  
  520KB
- MD5
  
  0daf180fe03e8e5ff0cbe6e3478a0db4
- SHA1
  
  494b289001d136fa9f3d0821099d5fe2c25dc025
- SHA256
  
  0147deb63002dc73cf7b0c5b6fb705b2b600c5dd8d07891fde7e701eee8883fc
- SHA512
  
  c367b8debe6e16f0ac5e608af5442c6bb22aa38e9207ddb0e0c0ce46c743d3aa7598010785287a58aaf04b9d7b2c72166342d9e1000711a364c56d2d272c7a9e
- SSDEEP
  
  6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMb5:f9fC3hh29Ya77A90aFtDfT5IMb5
Score

10^/10

darkcomet privateeye rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometprivateeyerattrojanupx

behavioral2

© 2018-2024

Terms | Privacy