Overview

overview

10

Static

static

10

Dark comet .zip

windows11-21h2-x64

1

Dark comet....3.zip

windows11-21h2-x64

1

Dark Comet...et.exe

windows11-21h2-x64

10

Dark comet...wb.zip

windows11-21h2-x64

1

DarkComet-...et.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    322s
  • max time network
    309s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27-09-2024 16:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DarkComet-RAT v4.2F fwb/DarkComet/DarkComet.exe

  • Size

    9.8MB

  • MD5

    725c03e97e1f33bef9f47021ad8883b6

  • SHA1

    3912db7b2070537178af5134f27bd508a6b0245f

  • SHA256

    bc01c98fcd3e3bcf836254ba2ea39813c9129c342a609fc8c9dfc59b94f0a2f6

  • SHA512

    c0e51a8ce83487a51bc577335ccd678bf238e6f94d6db5e7d9f1a52a864fa23bdd65e39ab494367f7730e9011533dda128b045344672759d04f2f60890149ea2

  • SSDEEP

    98304:A2zCi/L6DZ9Zf3XdKcde8vorlBSFZyqBAc7c1KNkaoCY6ptXvja0NPIXlVqkoe/e:vzC5DZ/Xdns6oZ1EMDao+vjaCwWb0e

Score
10/10
darkcometdiscoveryrattrojan

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DarkComet-RAT v4.2F fwb\DarkComet\DarkComet.exe
    "C:\Users\Admin\AppData\Local\Temp\DarkComet-RAT v4.2F fwb\DarkComet\DarkComet.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1280

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DarkComet-RAT v4.2F fwb\DarkComet\config.ini
    Filesize

    494B

    MD5

    0e84551642aa05c9ad961ddcba157bf0

    SHA1

    efd7b0d32815f1b3698483404124b34f4c0a1558

    SHA256

    cb02ad43da0424a140d7aa77cc5d465be22fcebf25c692db51e31a55c2b32764

    SHA512

    6d85dd4888572cbed066218ce9cb9991f6b776d2154524547c59884fd31ac647428a0e3f6ab4c61441871cfecab392b6f19e78d0d658034540d2236f86bea2e9

    Download Submit

  • memory/1280-7-0x0000000000400000-0x0000000000DE7000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1280-24-0x0000000000400000-0x0000000000DE7000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1280-5-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1280-6-0x0000000005C90000-0x0000000005C91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1280-8-0x0000000005F70000-0x0000000005F71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1280-0-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1280-23-0x0000000000400000-0x0000000000DE7000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1280-3-0x0000000005F70000-0x0000000005F71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1280-25-0x0000000000400000-0x0000000000DE7000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1280-26-0x0000000000400000-0x0000000000DE7000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1280-27-0x0000000000400000-0x0000000000DE7000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1280-28-0x0000000000400000-0x0000000000DE7000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1280-2-0x0000000005C90000-0x0000000005C91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1280-78-0x0000000000400000-0x0000000000DE7000-memory.dmp

    Filesize

    9.9MB

    Download