darkcomet | 31a73247f851ee3026ea9d4037a210aa915d422dc6622e3df88af5b5b7e0579e | Triage

Submit
Reports

Overview

overview

Static

static

1

de065a8341...d7.exe

windows7-x64

de065a8341...d7.exe

windows10-2004-x64

3

Sharing

General

Target

de065a8341b7a637be0107ceef17b4d7
Size

755KB
Sample

240325-psjzrsaf2x
MD5

de065a8341b7a637be0107ceef17b4d7
SHA1

9587a1c776cb833f0b012930b473f88bd1363062
SHA256

31a73247f851ee3026ea9d4037a210aa915d422dc6622e3df88af5b5b7e0579e
SHA512

378d6c8f123283f3a29a59d8f97b121df1b7d5a5a468d1555ebd616c2a78309493d568e4db7b499601518c04467601e9fa4dc30a8191c472289ba15a6c3eb41a
SSDEEP

12288:p5eGs/77oay7+D5y4eq6/Okz7+KP/GVHA/bORHPe59PW/b+LUM29yeI4SRcW:0UBaD44e5LP1bSenPN2OCW

Score

10^/10

darkcomet guest16 persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

de065a8341b7a637be0107ceef17b4d7.exe

Resource

win7-20240221-en

darkcomet guest16 persistence rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

de065a8341b7a637be0107ceef17b4d7.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

142.4.223.94:443

Mutex

DC_MUTEX-2N3MUT2

Attributes

gencode
tlBxLk56TrBk
install
false
offline_keylogger
true
password
azerty123
persistence
false

Targets

- Target
  
  de065a8341b7a637be0107ceef17b4d7
- Size
  
  755KB
- MD5
  
  de065a8341b7a637be0107ceef17b4d7
- SHA1
  
  9587a1c776cb833f0b012930b473f88bd1363062
- SHA256
  
  31a73247f851ee3026ea9d4037a210aa915d422dc6622e3df88af5b5b7e0579e
- SHA512
  
  378d6c8f123283f3a29a59d8f97b121df1b7d5a5a468d1555ebd616c2a78309493d568e4db7b499601518c04467601e9fa4dc30a8191c472289ba15a6c3eb41a
- SSDEEP
  
  12288:p5eGs/77oay7+D5y4eq6/Okz7+KP/GVHA/bORHPe59PW/b+LUM29yeI4SRcW:0UBaD44e5LP1bSenPN2OCW
Score

10^/10

darkcomet guest16 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16persistencerattrojanupx

behavioral2

© 2018-2024

Terms | Privacy