Analysis Overview
SHA256
bfe9a76229e6e502b7c542007cd976dd3b5e0d26190cdf7cc8a5e5aab0a63f7d
Threat Level: Known bad
The file Darkcomet RAT 5.3.1.zip was found to be: Known bad.
Malicious Activity Summary
Darkcomet
Darkcomet family
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-15 23:30
Signatures
Darkcomet family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 23:30
Reported
2024-06-15 23:31
Platform
win7-20240221-en
Max time kernel
21s
Max time network
18s
Command Line
Signatures
Darkcomet
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe
"C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe"
Network
Files
memory/1984-0-0x0000000000260000-0x0000000000261000-memory.dmp
memory/1984-1-0x00000000049B0000-0x00000000049B1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\config.ini
| MD5 | 0a5baccb60ddf613c9ef2b18e0b1863f |
| SHA1 | 39bb75213fab1a7b9ab51089ef54f43086d8b1f3 |
| SHA256 | 21a222e00ea35f663dc6c397c0a0aa6d80e52187644b170cee9e186892a22f4e |
| SHA512 | b24b4e15fc975f81e5e5216cc098f8a34faeb5f7b3f10fe8f9f4a19157abe62f293b4687440434744e5c5284736a9a472fc5d04f5fda72e94fe5e7140b36de9b |
memory/1984-39-0x0000000000260000-0x0000000000261000-memory.dmp
memory/1984-40-0x00000000049B0000-0x00000000049B1000-memory.dmp
memory/1984-41-0x0000000000400000-0x0000000000F67000-memory.dmp
memory/1984-43-0x0000000000400000-0x0000000000F67000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 23:30
Reported
2024-06-15 23:33
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Darkcomet
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe
"C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\DarkComet.exe"
Network
Files
memory/2696-0-0x0000000002E60000-0x0000000002E61000-memory.dmp
memory/2696-1-0x00000000055F0000-0x00000000055F1000-memory.dmp
memory/2696-2-0x0000000006260000-0x0000000006261000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Darkcomet RAT 5.3.1\config.ini
| MD5 | 0a5baccb60ddf613c9ef2b18e0b1863f |
| SHA1 | 39bb75213fab1a7b9ab51089ef54f43086d8b1f3 |
| SHA256 | 21a222e00ea35f663dc6c397c0a0aa6d80e52187644b170cee9e186892a22f4e |
| SHA512 | b24b4e15fc975f81e5e5216cc098f8a34faeb5f7b3f10fe8f9f4a19157abe62f293b4687440434744e5c5284736a9a472fc5d04f5fda72e94fe5e7140b36de9b |
memory/2696-40-0x0000000000400000-0x0000000000F67000-memory.dmp
memory/2696-42-0x0000000002E60000-0x0000000002E61000-memory.dmp
memory/2696-43-0x00000000055F0000-0x00000000055F1000-memory.dmp
memory/2696-44-0x0000000006260000-0x0000000006261000-memory.dmp