darkcomet | db3f69eb0a40387036d0388781c666298dff79e991af1dcbdb053d2ddc688064 | Triage

Submit
Reports

Overview

overview

Static

static

3

Ultimate P...11.exe

windows7-x64

Ultimate P...11.exe

windows10-2004-x64

7

Sharing

General

Target

7f1a03330ad0d522ad60c72b9ff1b5f0_JaffaCakes118
Size

1.2MB
Sample

241030-n2mlks1pdt
MD5

7f1a03330ad0d522ad60c72b9ff1b5f0
SHA1

02ca7c90d24a8d4bd757c8debd161590d3593e7a
SHA256

db3f69eb0a40387036d0388781c666298dff79e991af1dcbdb053d2ddc688064
SHA512

5ca81d3f02f2f1e0074b7882d5874de1d7dfe6b9177024bf645d2f8b72a91d4e2311d10109601014e766f33814226b7f177ff145cd0a9b7713ceda34201786d3
SSDEEP

24576:99SVOunaFLd3QWmQ9q5qNjx++LuXCD+OeBgxvczYn8qeB5hKCiN:EC/3hq5CjE+3KOuzY9u5hKPN

Score

10^/10

darkcomet xtremerat guest16 discovery evasion persistence rat spyware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Ultimate Password Hacker 2011/Ultimate Password Hacker 2011.exe

Resource

win7-20240903-en

darkcomet xtremerat guest16 discovery evasion persistence rat spyware trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ultimate Password Hacker 2011/Ultimate Password Hacker 2011.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

eminem30.no-ip.org

Extracted

Family

darkcomet

Botnet

Guest16

C2

mafija.no-ip.org:1604

Mutex

DC_MUTEX-GVANDS4

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
WUgWAj4hWakq
install
true
offline_keylogger
true
password
eminem
persistence
true
reg_key
rundll32

Targets

- Target
  
  Ultimate Password Hacker 2011/Ultimate Password Hacker 2011.exe
- Size
  
  2.4MB
- MD5
  
  bdd0969fee3780c98c0bc55db4362ab5
- SHA1
  
  8f8712d061170a6baad9b6dec57cdfe727bd4886
- SHA256
  
  aed0d29605b857b18bade968b956cea5e275fc31592c8e4cdd7406abdc1937ad
- SHA512
  
  aa59de5cd64913a20dbf5b5805f76c4e4789ec97d072a328a1b7cd6f0ca9201fc6ae249b71798fa4c2b31faa3c190da98d25777fe3c2fa46ee6b23009501ed9f
- SSDEEP
  
  49152:oH2hEobT22ZmDhEKhEiCfbEZq4CKP5ErJ:8K
Score

10^/10

darkcomet xtremerat guest16 discovery evasion persistence rat spyware trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Detect XtremeRAT payload
- Modifies WinLogon for persistence
  persistence
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Xtremerat family
  xtremerat
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometxtremeratguest16discoveryevasionpersistenceratspywaretrojanupx

behavioral2

© 2018-2024

Terms | Privacy