darkcomet | 596263884d5474c2d3bb01238718eb30ce2c8539c99f66fa26b92171c6786c26 | Triage

Submit
Reports

Overview

overview

Static

static

lab_sample...5b.exe

windows10-1703-x64

7

lab_sample...5b.exe

windows10-2004-x64

7

Resubmissions

28-06-2024 11:25

240628-njn2paxalh 10

28-06-2024 11:22

240628-ngsbbswhlg 10

Sharing

General

Target

lab_samples.zip
Size

1.6MB
Sample

240628-njn2paxalh
MD5

707717e0811f03c3713616ab9354ae9f
SHA1

7b8ee97f65075ecd800381642bcbca4515a61cec
SHA256

596263884d5474c2d3bb01238718eb30ce2c8539c99f66fa26b92171c6786c26
SHA512

bff3f233ed55af5ee45b945856f96eab57e76e2481dd1e652bb755004b54dc1411c387c5b055056c92d51464c2abac9e6770221d520886df97610b8ff7d365b2
SSDEEP

49152:mXGgg7/0/FoAG6BKls7W9onqaRf/Hcfs826P5:GOioAt7W9onnRXHcfZ2q

Score

10^/10

darkcomet guest16 persistence upx

Static task

static1

guest16 darkcomet

2 signatures

Behavioral task

behavioral1

Sample

lab_samples/1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b.exe

Resource

win10-20240404-en

persistence upx

windows10-1703-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

lab_samples/1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b.exe

Resource

win10v2004-20240611-en

persistence upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

test213.no-ip.info:1604

Mutex

DC_MUTEX-KHNEW06

Attributes

InstallPath
MSDCSC\runddl32.exe
gencode
F6FE8i2BxCpu
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  lab_samples/1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b.exe
- Size
  
  766KB
- MD5
  
  405dba47e2b03f53db2101444e6a925c
- SHA1
  
  ed769ff77f46730a9b58a111c52f9e498ec00838
- SHA256
  
  1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b
- SHA512
  
  3628944242f0b9d80204dfddcea4189ee7f703ba4498c6a818c83d570d97477ec1273270fef65e993cb0f6bed2d0c915cd3d68a5b35375e257a3879f4859c869
- SSDEEP
  
  12288:Qq9hmQkwvH0pmjqM31df4NIAOCIWL92Tnhz0ehT2LPXvLtJ:TpkwMpm+i1dfcjIw921z0GT2Dvb
Score

7^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

guest16darkcomet

behavioral1

behavioral2

© 2018-2024

Terms | Privacy