darkcomet | 9f230a43561047ce08b5b86de42709197f63a678e9c576fdf1d85619c4c9dfce | Triage

Submit
Reports

Overview

overview

Static

static

7

9f230a4356...cs.exe

windows7-x64

9f230a4356...cs.exe

windows10-2004-x64

Sharing

General

Target

9f230a43561047ce08b5b86de42709197f63a678e9c576fdf1d85619c4c9dfce_NeikiAnalytics.exe
Size

592KB
Sample

240628-s5qvmaydjq
MD5

31afe4b9078c5cd3b9a082ff170b7740
SHA1

bd880eb7227d7f88ba5b4a92922dc2bf5f124422
SHA256

9f230a43561047ce08b5b86de42709197f63a678e9c576fdf1d85619c4c9dfce
SHA512

05c66de6de4471c61933e895f483bae43a1eae99a4619174561576983fe84db43bccacb1b7b63a321719feabc675c3104ae4bd27fd9de5e3c4e2219755e95551
SSDEEP

12288:wcWRJxhIUKofd9S88itJsL6s8GwUF81yn0FI/6IC0XoSO:TW/xhIUKofSytJsL6HUP0OHCf

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9f230a43561047ce08b5b86de42709197f63a678e9c576fdf1d85619c4c9dfce_NeikiAnalytics.exe

Resource

win7-20240508-en

darkcomet persistence rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

9f230a43561047ce08b5b86de42709197f63a678e9c576fdf1d85619c4c9dfce_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

darkcomet persistence rat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  9f230a43561047ce08b5b86de42709197f63a678e9c576fdf1d85619c4c9dfce_NeikiAnalytics.exe
- Size
  
  592KB
- MD5
  
  31afe4b9078c5cd3b9a082ff170b7740
- SHA1
  
  bd880eb7227d7f88ba5b4a92922dc2bf5f124422
- SHA256
  
  9f230a43561047ce08b5b86de42709197f63a678e9c576fdf1d85619c4c9dfce
- SHA512
  
  05c66de6de4471c61933e895f483bae43a1eae99a4619174561576983fe84db43bccacb1b7b63a321719feabc675c3104ae4bd27fd9de5e3c4e2219755e95551
- SSDEEP
  
  12288:wcWRJxhIUKofd9S88itJsL6s8GwUF81yn0FI/6IC0XoSO:TW/xhIUKofSytJsL6HUP0OHCf
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

darkcometpersistencerattrojanupx

© 2018-2024

Terms | Privacy