darkcomet | f92ab9dd9cd9a57858fdbdd26a0519366563a3ead6aeb473095d8c858e9acddd | Triage

Submit
Reports

Overview

overview

Static

static

3

254fea8a40...0f.exe

windows7-x64

3

254fea8a40...0f.exe

windows10-2004-x64

Sharing

General

Target

254fea8a40519644a57d043334ffeb0f
Size

416KB
Sample

231231-dd6pfacabq
MD5

254fea8a40519644a57d043334ffeb0f
SHA1

de2b94d3779b87d58df142bcd0369d4b6b52c32d
SHA256

f92ab9dd9cd9a57858fdbdd26a0519366563a3ead6aeb473095d8c858e9acddd
SHA512

f34421f5e6c8709e5366088432295042da99533feb4f08f196438582994f2db413b8a452b2ccf9fee82b46884adf6101533009e0aba796ec7eeced11dafc08f1
SSDEEP

6144:AqCfk+BrVH/ViH7qOKPhmmNcwRz6L2YTOgVqhwgksz3ridfxVt5rC4xECeS6c+Rn:AfYb1eaft9eSDBC5SyHNlIEF

Score

10^/10

darkcomet hf rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

254fea8a40519644a57d043334ffeb0f.exe

Resource

win7-20231215-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

254fea8a40519644a57d043334ffeb0f.exe

Resource

win10v2004-20231215-en

darkcomet hf rat trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

HF

C2

superwoman.no-ip.org:1604

Mutex

DC_MUTEX-0B9LJ7L

Attributes

gencode
zp33FDu9MJqx
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  254fea8a40519644a57d043334ffeb0f
- Size
  
  416KB
- MD5
  
  254fea8a40519644a57d043334ffeb0f
- SHA1
  
  de2b94d3779b87d58df142bcd0369d4b6b52c32d
- SHA256
  
  f92ab9dd9cd9a57858fdbdd26a0519366563a3ead6aeb473095d8c858e9acddd
- SHA512
  
  f34421f5e6c8709e5366088432295042da99533feb4f08f196438582994f2db413b8a452b2ccf9fee82b46884adf6101533009e0aba796ec7eeced11dafc08f1
- SSDEEP
  
  6144:AqCfk+BrVH/ViH7qOKPhmmNcwRz6L2YTOgVqhwgksz3ridfxVt5rC4xECeS6c+Rn:AfYb1eaft9eSDBC5SyHNlIEF
Score

10^/10

darkcomet hf rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

darkcomethfrattrojanupx

© 2018-2024

Terms | Privacy