darkcomet | 164104f25938819d33de2b24d8c9290e17debe6f46f46ff7e4e981211772b202 | Triage

Submit
Reports

Overview

overview

Static

static

1

139304cb72...18.exe

windows7-x64

139304cb72...18.exe

windows10-2004-x64

3

Sharing

General

Target

139304cb72f83bb7f7545169ffcf676f_JaffaCakes118
Size

368KB
Sample

240504-t3gplsec76
MD5

139304cb72f83bb7f7545169ffcf676f
SHA1

6511600a0affc92fa8d4b520b217fd6c1579acd3
SHA256

164104f25938819d33de2b24d8c9290e17debe6f46f46ff7e4e981211772b202
SHA512

bd797c2a6f9e849e1be5238a2a857dd6ba437d560a87576ad613e0a7f21370aa3ff2d1236a1bd149c26b5cb4d522b1a62c4b6c4c001544762b380efdc674a59d
SSDEEP

6144:Zu2bEB/dQIdY8jgW/3G7fRNHNZJw9w5ZoNAYWHWz5Hn5qrJb+fkDlVSmmS:Q2bEBVQgT3CLJNwQ9rVA+N5

Score

10^/10

darkcomet pulifrici rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

139304cb72f83bb7f7545169ffcf676f_JaffaCakes118.exe

Resource

win7-20240221-en

darkcomet pulifrici rat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

139304cb72f83bb7f7545169ffcf676f_JaffaCakes118.exe

Resource

win10v2004-20240419-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

pulifrici

C2

vasilee.chickenkiller.com:200

Mutex

DCMIN_MUTEX-6UE7T6W

Attributes

gencode
l404iQ4l5v68
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  139304cb72f83bb7f7545169ffcf676f_JaffaCakes118
- Size
  
  368KB
- MD5
  
  139304cb72f83bb7f7545169ffcf676f
- SHA1
  
  6511600a0affc92fa8d4b520b217fd6c1579acd3
- SHA256
  
  164104f25938819d33de2b24d8c9290e17debe6f46f46ff7e4e981211772b202
- SHA512
  
  bd797c2a6f9e849e1be5238a2a857dd6ba437d560a87576ad613e0a7f21370aa3ff2d1236a1bd149c26b5cb4d522b1a62c4b6c4c001544762b380efdc674a59d
- SSDEEP
  
  6144:Zu2bEB/dQIdY8jgW/3G7fRNHNZJw9w5ZoNAYWHWz5Hn5qrJb+fkDlVSmmS:Q2bEBVQgT3CLJNwQ9rVA+N5
Score

10^/10

darkcomet pulifrici rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpulifricirattrojanupx

behavioral2

© 2018-2024

Terms | Privacy