darkcomet | e80730c033226893146971da32d924fd368df56a340523c03752c92e971e317f | Triage

Submit
Reports

Overview

overview

Static

static

3

21ba5dec8e...18.exe

windows7-x64

21ba5dec8e...18.exe

windows10-2004-x64

Sharing

General

Target

21ba5dec8e7d7021a398190eda82c90a_JaffaCakes118
Size

346KB
Sample

240703-kjjkesyerj
MD5

21ba5dec8e7d7021a398190eda82c90a
SHA1

212fea82dca086308043dbc27c17791b8aae5863
SHA256

e80730c033226893146971da32d924fd368df56a340523c03752c92e971e317f
SHA512

cfb5c1ba3e5f1d296cc0e6fd2c036e9f9bb907da2fc82b7d636d9e837d79b6fccf8e1b41a98d4da91916f58a658708b6b19626e7a0c9729b351c9df26ba77957
SSDEEP

6144:kScwMXuUrdIHwfBrvGv8PC4SMhroCaBbONqDFenq64WXy2w4wjvX1KID52kz:kSpordIibPC4SMX74Fiqj5P1D5

Score

10^/10

darkcomet guest16 persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

21ba5dec8e7d7021a398190eda82c90a_JaffaCakes118.exe

Resource

win7-20240508-en

darkcomet guest16 persistence rat trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

21ba5dec8e7d7021a398190eda82c90a_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet guest16 persistence rat trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

smr9.no-ip.org:1604

Mutex

DC_MUTEX-G4HJPCR

Attributes

InstallPath
MSDCSC\lsass
gencode
4RT1F8YxjhmW
install
true
offline_keylogger
false
password
123456
persistence
true
reg_key
lsass

Targets

- Target
  
  21ba5dec8e7d7021a398190eda82c90a_JaffaCakes118
- Size
  
  346KB
- MD5
  
  21ba5dec8e7d7021a398190eda82c90a
- SHA1
  
  212fea82dca086308043dbc27c17791b8aae5863
- SHA256
  
  e80730c033226893146971da32d924fd368df56a340523c03752c92e971e317f
- SHA512
  
  cfb5c1ba3e5f1d296cc0e6fd2c036e9f9bb907da2fc82b7d636d9e837d79b6fccf8e1b41a98d4da91916f58a658708b6b19626e7a0c9729b351c9df26ba77957
- SSDEEP
  
  6144:kScwMXuUrdIHwfBrvGv8PC4SMhroCaBbONqDFenq64WXy2w4wjvX1KID52kz:kSpordIibPC4SMX74Fiqj5P1D5
Score

10^/10

darkcomet guest16 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16persistencerattrojanupx

behavioral2

darkcometguest16persistencerattrojanupx

© 2018-2024

Terms | Privacy