darkcomet | b8fdffbc9feea0a09a486ef190122efa7defd7a41bf3e3dacdc6ac6c4f5d38d9 | Triage

Submit
Reports

Overview

overview

Static

static

7

b8fdffbc9f...9N.exe

windows7-x64

b8fdffbc9f...9N.exe

windows10-2004-x64

Sharing

General

Target

b8fdffbc9feea0a09a486ef190122efa7defd7a41bf3e3dacdc6ac6c4f5d38d9N
Size

964KB
Sample

241023-vqxqqstbqj
MD5

55ef299dc3a3c80f25554923566ac6a0
SHA1

55313910c1e6c2c8b9aaf718032abec535827f7b
SHA256

b8fdffbc9feea0a09a486ef190122efa7defd7a41bf3e3dacdc6ac6c4f5d38d9
SHA512

ecb41fa1838b88205ea28514d2483044e36057a67743e712f8653497e5e24fe56ac9662fd2b05de634eaa945d639cc29e516323e906aff67725420d9800fc557
SSDEEP

24576:O/9tT24rAjDLG50Xot0fvF+2rGVvELMR2mA6O:OrUL4taI2O52xL

Score

10^/10

darkcomet fud crypt aspackv2 discovery persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b8fdffbc9feea0a09a486ef190122efa7defd7a41bf3e3dacdc6ac6c4f5d38d9N.exe

Resource

win7-20241010-en

darkcomet fud crypt aspackv2 discovery persistence rat trojan

windows7-x64

13 signatures

120 seconds

Behavioral task

behavioral2

Sample

b8fdffbc9feea0a09a486ef190122efa7defd7a41bf3e3dacdc6ac6c4f5d38d9N.exe

Resource

win10v2004-20241007-en

darkcomet fud crypt aspackv2 discovery persistence rat trojan

windows10-2004-x64

13 signatures

120 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

FUD Crypt

C2

wcrat2.no-ip.org:201

Mutex

DC_MUTEX-F9SVRHH

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
j6CuqwUwAD5D
install
true
offline_keylogger
true
persistence
true
reg_key
msdcsc.exe

Targets

- Target
  
  b8fdffbc9feea0a09a486ef190122efa7defd7a41bf3e3dacdc6ac6c4f5d38d9N
- Size
  
  964KB
- MD5
  
  55ef299dc3a3c80f25554923566ac6a0
- SHA1
  
  55313910c1e6c2c8b9aaf718032abec535827f7b
- SHA256
  
  b8fdffbc9feea0a09a486ef190122efa7defd7a41bf3e3dacdc6ac6c4f5d38d9
- SHA512
  
  ecb41fa1838b88205ea28514d2483044e36057a67743e712f8653497e5e24fe56ac9662fd2b05de634eaa945d639cc29e516323e906aff67725420d9800fc557
- SSDEEP
  
  24576:O/9tT24rAjDLG50Xot0fvF+2rGVvELMR2mA6O:OrUL4taI2O52xL
Score

10^/10

darkcomet fud crypt aspackv2 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometfud cryptaspackv2discoverypersistencerattrojan

behavioral2

darkcometfud cryptaspackv2discoverypersistencerattrojan

© 2018-2024

Terms | Privacy