darkcomet | 338f5bb747c33ad50cad75c3facd2f3103ce294a608666635d0b66a6ad2ce12c | Triage

Submit
Reports

Overview

overview

Static

static

7

HELLO.exe

windows10-1703-x64

Sharing

General

Target

HELLO.exe
Size

232KB
Sample

240331-r8efbsdg5x
MD5

3d44b09f3692fbb7e048e1168c001cba
SHA1

e4782b1348431efe4c89d0340fe23ab81bc0a3f7
SHA256

338f5bb747c33ad50cad75c3facd2f3103ce294a608666635d0b66a6ad2ce12c
SHA512

7b4824d0243ce546ebe607d519494a7780422e1f693aff8b82a122dd004d157524cc3e58a39c3ee9cfb61e8b40ae0b6cff593776b05d6956f7479c6e20692392
SSDEEP

6144:djFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMroS:ZFy9bPQZlFjrG0ZmYbw+oS

Score

10^/10

darkcomet guest16_min persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

HELLO.exe

Resource

win10-20240221-en

darkcomet guest16_min persistence rat trojan upx

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

lightttt.ddns.net:1604

Mutex

DCMIN_MUTEX-BJLBQY4

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
u03TbGe5ctBh
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  HELLO.exe
- Size
  
  232KB
- MD5
  
  3d44b09f3692fbb7e048e1168c001cba
- SHA1
  
  e4782b1348431efe4c89d0340fe23ab81bc0a3f7
- SHA256
  
  338f5bb747c33ad50cad75c3facd2f3103ce294a608666635d0b66a6ad2ce12c
- SHA512
  
  7b4824d0243ce546ebe607d519494a7780422e1f693aff8b82a122dd004d157524cc3e58a39c3ee9cfb61e8b40ae0b6cff593776b05d6956f7479c6e20692392
- SSDEEP
  
  6144:djFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMroS:ZFy9bPQZlFjrG0ZmYbw+oS
Score

10^/10

darkcomet guest16_min persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16_minpersistencerattrojanupx

© 2018-2024

Terms | Privacy