darkcomet | a584adb1a81d88a9d61cf8929d2e7ceeb4d22d5209a390b15ffdb91c82a42524 | Triage

Submit
Reports

Overview

overview

Static

static

3

a584adb1a8...24.exe

windows7-x64

a584adb1a8...24.exe

windows10-2004-x64

Sharing

General

Target

a584adb1a81d88a9d61cf8929d2e7ceeb4d22d5209a390b15ffdb91c82a42524.exe
Size

482KB
Sample

241122-kc1kcsxmfz
MD5

f2f7cfa52dfc0b877df89c4bf4d138a7
SHA1

e6804bcca41c74d1c6444617aa2423d299d22ef0
SHA256

a584adb1a81d88a9d61cf8929d2e7ceeb4d22d5209a390b15ffdb91c82a42524
SHA512

bb8adb6edf1d37889f593f85e52be2e68440ce7be11bac64de82356405b5e22a0dc0f03ef8597786a1c07ac44ab174dfcbd621daad54cfdb1cfa31f5fa74a589
SSDEEP

6144:N5aR3qdsUCvsj5TFbqJv3JJ9HHuvyrMhKZeKeSaAqEX5S0gQe05yG+rR8D4p/k1:N5aRadsUCEj5TFu5baAX5S7rKA24x8

Score

10^/10

darkcomet november discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a584adb1a81d88a9d61cf8929d2e7ceeb4d22d5209a390b15ffdb91c82a42524.exe

Resource

win7-20240903-en

darkcomet november discovery persistence rat trojan upx

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

a584adb1a81d88a9d61cf8929d2e7ceeb4d22d5209a390b15ffdb91c82a42524.exe

Resource

win10v2004-20241007-en

darkcomet november discovery persistence rat trojan upx

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

November

C2

m1kr.no-ip.org:1604

m1kr.no-ip.org:5555

m1kr.no-ip.org:200

m1kr.no-ip.org:300

nogameress.sytes.net:222

nogameress.sytes.net:333

nogameress.sytes.net:200

nogameress.sytes.net:300

nogameress.sytes.net:1604

Mutex

DC_MUTEX-7YGZD14

Attributes

gencode
YSQq3rnTFa3W
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  a584adb1a81d88a9d61cf8929d2e7ceeb4d22d5209a390b15ffdb91c82a42524.exe
- Size
  
  482KB
- MD5
  
  f2f7cfa52dfc0b877df89c4bf4d138a7
- SHA1
  
  e6804bcca41c74d1c6444617aa2423d299d22ef0
- SHA256
  
  a584adb1a81d88a9d61cf8929d2e7ceeb4d22d5209a390b15ffdb91c82a42524
- SHA512
  
  bb8adb6edf1d37889f593f85e52be2e68440ce7be11bac64de82356405b5e22a0dc0f03ef8597786a1c07ac44ab174dfcbd621daad54cfdb1cfa31f5fa74a589
- SSDEEP
  
  6144:N5aR3qdsUCvsj5TFbqJv3JJ9HHuvyrMhKZeKeSaAqEX5S0gQe05yG+rR8D4p/k1:N5aRadsUCEj5TFu5baAX5S7rKA24x8
Score

10^/10

darkcomet november discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometnovemberdiscoverypersistencerattrojanupx

behavioral2

darkcometnovemberdiscoverypersistencerattrojanupx

© 2018-2024

Terms | Privacy