darkcomet | 1e177bb6591daf06a0dafc378093c04669403a90fda3e539ca4a1aa2a67c7c11 | Triage

Submit
Reports

Overview

overview

Static

static

3

1e177bb659...1N.exe

windows7-x64

1e177bb659...1N.exe

windows10-2004-x64

3

Sharing

General

Target

1e177bb6591daf06a0dafc378093c04669403a90fda3e539ca4a1aa2a67c7c11N.exe
Size

1.7MB
Sample

241129-mf1ewazqax
MD5

4a45eda053a2e6ca140a58d2dcba5ff0
SHA1

fa5bcdcb373d8dce86ae6bcc4ed4770ab4498b5d
SHA256

1e177bb6591daf06a0dafc378093c04669403a90fda3e539ca4a1aa2a67c7c11
SHA512

89fdba17a8750c85b3488492e1968a2ae7bc876552a558f84cd6ecee6582ee360112abe580fa0dab0005824f09695b4f8b114a4e2f09e12bad4f7030c14a416b
SSDEEP

49152:kOBuzw/nMVpcq/2ELfWum/+kD+MKklDvjao:kOuzwMobEKpDVKabjao

Score

10^/10

darkcomet 093012de discovery exploit persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1e177bb6591daf06a0dafc378093c04669403a90fda3e539ca4a1aa2a67c7c11N.exe

Resource

win7-20240708-en

darkcomet 093012de discovery exploit persistence rat trojan upx

windows7-x64

18 signatures

120 seconds

Behavioral task

behavioral2

Sample

1e177bb6591daf06a0dafc378093c04669403a90fda3e539ca4a1aa2a67c7c11N.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

120 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

093012DE

C2

hosting.servegame.com:8085

Mutex

DC_MUTEX-NPS90EE

Attributes

gencode
Sjl07Y5gccaE
install
false
offline_keylogger
true
password
Michemicalromance
persistence
false

Targets

- Target
  
  1e177bb6591daf06a0dafc378093c04669403a90fda3e539ca4a1aa2a67c7c11N.exe
- Size
  
  1.7MB
- MD5
  
  4a45eda053a2e6ca140a58d2dcba5ff0
- SHA1
  
  fa5bcdcb373d8dce86ae6bcc4ed4770ab4498b5d
- SHA256
  
  1e177bb6591daf06a0dafc378093c04669403a90fda3e539ca4a1aa2a67c7c11
- SHA512
  
  89fdba17a8750c85b3488492e1968a2ae7bc876552a558f84cd6ecee6582ee360112abe580fa0dab0005824f09695b4f8b114a4e2f09e12bad4f7030c14a416b
- SSDEEP
  
  49152:kOBuzw/nMVpcq/2ELfWum/+kD+MKklDvjao:kOuzwMobEKpDVKabjao
Score

10^/10

darkcomet 093012de discovery exploit persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Possible privilege escalation attempt
  exploit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomet093012dediscoveryexploitpersistencerattrojanupx

behavioral2

© 2018-2024

Terms | Privacy