darkcomet | c6f046412481145ab7556d3d6bb390c286f6ab292833c57a3b6a3c570817483f

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
21-06-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00ae7ab4d6bf02d1358326df176f4023.exe
Size

865KB
MD5

00ae7ab4d6bf02d1358326df176f4023
SHA1

9393861cafd77f244b18cfbeec8d405e3903267f
SHA256

c6f046412481145ab7556d3d6bb390c286f6ab292833c57a3b6a3c570817483f
SHA512

b266dd7755b806318645fa67c985f77093e60bbc67bf904f97991ce3f15bd7fd96389bbdef0c26e977d8ef7e4db7097af90d749d98fe75d2b9b3655f19dd0d00
SSDEEP

24576:9ntlh2+wA42A4QRU2lW1ARbp2N9QNaGDlh3:9jA4a7iG3DlV

Score

10^/10

darkcomet rat trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

00ae7ab4d6bf02d1358326df176f4023.exe

description	pid	process	target process
PID 2872 wrote to memory of 2920	2872	00ae7ab4d6bf02d1358326df176f4023.exe	vbc.exe
PID 2872 wrote to memory of 2920	2872	00ae7ab4d6bf02d1358326df176f4023.exe	vbc.exe
PID 2872 wrote to memory of 2920	2872	00ae7ab4d6bf02d1358326df176f4023.exe	vbc.exe
PID 2872 wrote to memory of 2920	2872	00ae7ab4d6bf02d1358326df176f4023.exe	vbc.exe

C:\Users\Admin\AppData\Local\Temp\00ae7ab4d6bf02d1358326df176f4023.exe
"C:\Users\Admin\AppData\Local\Temp\00ae7ab4d6bf02d1358326df176f4023.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
2⤵
PID:2920

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2872-0-0x000007FEF5C1E000-0x000007FEF5C1F000-memory.dmp

Filesize
4KB

Download
memory/2872-1-0x0000000000D60000-0x0000000000E10000-memory.dmp

Filesize
704KB

Download
memory/2872-2-0x000007FEF5960000-0x000007FEF62FD000-memory.dmp

Filesize
9.6MB

Download
memory/2872-3-0x000007FEF5960000-0x000007FEF62FD000-memory.dmp

Filesize
9.6MB

Download
memory/2872-4-0x000007FEF5960000-0x000007FEF62FD000-memory.dmp

Filesize
9.6MB

Download