darkcomet | 7d52e8825402088889507a1f1a2d540635dee9b27a5e64e0596b77e1d13c9690 | Triage

Submit
Reports

Overview

overview

Static

static

5

5cdcc9bc32...b2.exe

windows11-21h2-x64

Sharing

General

Target

241126-3q4s2sslhm_pw_infected.zip
Size

573KB
Sample

241127-jctldatnft
MD5

d5ccd79bcb0d9bd0441bb7414956157b
SHA1

4aa27928c7270b3033173512e8dcf17faa54e6a4
SHA256

7d52e8825402088889507a1f1a2d540635dee9b27a5e64e0596b77e1d13c9690
SHA512

e907b44e24db9f46edfe8e9a2b7eb943745f5b4f8ace28ad19589448ca70066992b904cede37f2f668ff43460d7d679348ab747dd91cba2236bdcbb388042481
SSDEEP

12288:JbRIIycDCSzC53ZoLdPaVWSlEw38xiFDryFi2MDaVHOTGpLjn1Q:JdPycrIoPaVWQEwMxiJ2FtMDaVHOyd1Q

Score

10^/10

darkcomet discovery persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5cdcc9bc320db5d7d14d1c91fd83c8d3e73c20a3a27623dd0369a3abdbf382b2.exe

Resource

win11-20241007-en

darkcomet discovery persistence rat trojan upx

windows11-21h2-x64

14 signatures

600 seconds

Malware Config

Targets

- Target
  
  5cdcc9bc320db5d7d14d1c91fd83c8d3e73c20a3a27623dd0369a3abdbf382b2
- Size
  
  576KB
- MD5
  
  a70261e8a99584e1f7413de33e6ca773
- SHA1
  
  6abc049ab5c57634dea75b635abbf36696a32e13
- SHA256
  
  5cdcc9bc320db5d7d14d1c91fd83c8d3e73c20a3a27623dd0369a3abdbf382b2
- SHA512
  
  176b200befbd3f9a1235c0aa1e838eb56c405bacaf9f6b5321cc11bd31474cd9ba1bcce7403335208a9a17193e3c70bd656334a1f827f5bff840613ea0bc519e
- SSDEEP
  
  12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoS8:+NWPkHlUfBgpuPdWzyuDTifgyWl1
Score

10^/10

darkcomet discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojanupx

© 2018-2024

Terms | Privacy