darkcomet | 37ad37d2b58bc6bb5f13cbadb8e97b66b7a04541b8bba4a7e8c07c98dd356c26 | Triage

Submit
Reports

Overview

overview

Static

static

3

4be3a6686a...fN.exe

windows7-x64

4be3a6686a...fN.exe

windows10-2004-x64

Sharing

General

Target

4be3a6686a4ea050f870f1bafb1cb6a63549e525f4215af3ff26a3de545908ffN.exe
Size

520KB
Sample

241110-ynbx2atka1
MD5

f27c83ca93b05f487a02bf6729e45c96
SHA1

ed0cad92fff0d485a3e3b2234ea6404350ee4cd1
SHA256

37ad37d2b58bc6bb5f13cbadb8e97b66b7a04541b8bba4a7e8c07c98dd356c26
SHA512

63d5ddcd9d1d0a23e917853cabce96058cd926f06b4d66f4b026b61a577689c687493146321058bdda271e8fd85374586169416d9b5b01b5b53031d8c80570f4
SSDEEP

6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbL:f9fC3hh29Ya77A90aFtDfT5IMbL

Score

10^/10

darkcomet privateeye discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4be3a6686a4ea050f870f1bafb1cb6a63549e525f4215af3ff26a3de545908ffN.exe

Resource

win7-20240729-en

darkcomet privateeye discovery persistence rat trojan upx

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

4be3a6686a4ea050f870f1bafb1cb6a63549e525f4215af3ff26a3de545908ffN.exe

Resource

win10v2004-20241007-en

darkcomet privateeye discovery rat trojan upx

windows10-2004-x64

12 signatures

120 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

PrivateEye

C2

ratblackshades.no-ip.biz:1604

Mutex

DC_MUTEX-ACC1R98

Attributes

gencode
8GG5LVVGljSF
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  4be3a6686a4ea050f870f1bafb1cb6a63549e525f4215af3ff26a3de545908ffN.exe
- Size
  
  520KB
- MD5
  
  f27c83ca93b05f487a02bf6729e45c96
- SHA1
  
  ed0cad92fff0d485a3e3b2234ea6404350ee4cd1
- SHA256
  
  37ad37d2b58bc6bb5f13cbadb8e97b66b7a04541b8bba4a7e8c07c98dd356c26
- SHA512
  
  63d5ddcd9d1d0a23e917853cabce96058cd926f06b4d66f4b026b61a577689c687493146321058bdda271e8fd85374586169416d9b5b01b5b53031d8c80570f4
- SSDEEP
  
  6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbL:f9fC3hh29Ya77A90aFtDfT5IMbL
Score

10^/10

darkcomet privateeye discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometprivateeyediscoverypersistencerattrojanupx

behavioral2

darkcometprivateeyediscoveryrattrojanupx

© 2018-2024

Terms | Privacy