DarkComet Fixed.exe

Status: finished
Submission Time: 2022-07-11 04:56:15 +02:00
Malicious
Trojan
Evader
AsyncRAT, DarkComet, GhostRat

Tags

  • AsyncRAT
  • exe
  • RAT

Details

  • Analysis ID: 660699
  • API (Web) ID: 1028204
  • Analysis Started: 2022-07-11 04:56:18 +02:00
  • Analysis Finished: 2022-07-11 05:10:33 +02:00
  • MD5: 9beb9311e16cdb4f441f6de009a51ddc
  • SHA1: cbea1c03c413710e63016921efa4a5cc7209f293
  • SHA256: 8ac3491b1b780ca4a8d27e0f729b123473f1eab7f6e918a803197769467ddb91
Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 54/69
malicious
Score: 28/35
malicious
Score: 38/40
malicious

IPs

IP Country Detection
78.173.187.50
Turkey

Domains

Name IP Detection
susiahat24199a.ddns.net
78.173.187.50

URLs

Name Detection

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\DARKCOMET.EXE
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\DARKCOMET_FIXED.EXE
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\DARKCOMET_RAT FIXED.EXE
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Local\Temp\SQLITE3.EXE
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Local\Temp\USERFIXER.EXE
PE32 executable (GUI) Intel 80386, for MS Windows
C:\Users\user\AppData\Roaming\JavaUpdate.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\Documents\MSDCSC\msdcsc.exe
PE32 executable (GUI) Intel 80386, for MS Windows