darkcomet | b583051d4ffc47ff0ab7a3580d9fd0ee3a09f017f51a081512465ecef36e5f05 | Triage

Submit
Reports

Overview

overview

Static

static

3

c965358844...KI.exe

windows7-x64

c965358844...KI.exe

windows10-2004-x64

Sharing

General

Target

c9653588440ea3e16cb487733847fcf0_NEIKI
Size

3.8MB
Sample

240508-q11g6afd8w
MD5

c9653588440ea3e16cb487733847fcf0
SHA1

1ac6e80f7d3f7f933320ccb817b35d4e982e84a2
SHA256

b583051d4ffc47ff0ab7a3580d9fd0ee3a09f017f51a081512465ecef36e5f05
SHA512

0ec59292dcffd7d513ae1a74486f458b3ec33526c96e1548026192ac9729ead487c45781485ed3cb03cbef4a5b58dac924a9c79d9e8cec6a0d1051a0b77fc393
SSDEEP

98304:oJwakG4fYrq1HJvpliCQHawbzBbGSlaUEI96kdQDanpqHrO3ndI3/lL/v7zVwwXi:oJwakG4fYrq1HJvpliCQHawbzBbGSlaQ

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c9653588440ea3e16cb487733847fcf0_NEIKI.exe

Resource

win7-20240221-en

darkcomet persistence rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

c9653588440ea3e16cb487733847fcf0_NEIKI.exe

Resource

win10v2004-20240426-en

darkcomet persistence rat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  c9653588440ea3e16cb487733847fcf0_NEIKI
- Size
  
  3.8MB
- MD5
  
  c9653588440ea3e16cb487733847fcf0
- SHA1
  
  1ac6e80f7d3f7f933320ccb817b35d4e982e84a2
- SHA256
  
  b583051d4ffc47ff0ab7a3580d9fd0ee3a09f017f51a081512465ecef36e5f05
- SHA512
  
  0ec59292dcffd7d513ae1a74486f458b3ec33526c96e1548026192ac9729ead487c45781485ed3cb03cbef4a5b58dac924a9c79d9e8cec6a0d1051a0b77fc393
- SSDEEP
  
  98304:oJwakG4fYrq1HJvpliCQHawbzBbGSlaUEI96kdQDanpqHrO3ndI3/lL/v7zVwwXi:oJwakG4fYrq1HJvpliCQHawbzBbGSlaQ
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

darkcometpersistencerattrojanupx

© 2018-2024

Terms | Privacy