darkcomet | 9ba8ddb94adc8f7e935ee4ce266a868d217840d0d42bcb9c3d6615cef9884f14 | Triage

Submit
Reports

Overview

overview

Static

static

9ba8ddb94a...14.exe

windows7_x64

9ba8ddb94a...14.exe

windows10-2004_x64

Sharing

General

Target

9ba8ddb94adc8f7e935ee4ce266a868d217840d0d42bcb9c3d6615cef9884f14
Size

358KB
Sample

220516-x21mwagbej
MD5

6142cafaf1d992806a02afb9bc331530
SHA1

2145b7fa5bc1d954d8a151bdf4380996dd220d89
SHA256

9ba8ddb94adc8f7e935ee4ce266a868d217840d0d42bcb9c3d6615cef9884f14
SHA512

7addc5880adbb33303cbfeb555a677f783cd5b2866e1aa8f1cbf65c60e931f83afe29e98974efe98bfa0f21b0de324adf18734d7fe007b2e84876df575e8f012

Score

10^/10

darkcomet slaves evasion rat trojan upx

Static task

static1

upx slaves darkcomet

Behavioral task

behavioral1

Sample

9ba8ddb94adc8f7e935ee4ce266a868d217840d0d42bcb9c3d6615cef9884f14.exe

Resource

win7-20220414-en

darkcomet evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9ba8ddb94adc8f7e935ee4ce266a868d217840d0d42bcb9c3d6615cef9884f14.exe

Resource

win10v2004-20220414-en

darkcomet evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Slaves

C2

82.102.24.251:21995

Mutex

DC_MUTEX-02XFUF4

Attributes

gencode
l8pBW5ke5gRG
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  9ba8ddb94adc8f7e935ee4ce266a868d217840d0d42bcb9c3d6615cef9884f14
- Size
  
  358KB
- MD5
  
  6142cafaf1d992806a02afb9bc331530
- SHA1
  
  2145b7fa5bc1d954d8a151bdf4380996dd220d89
- SHA256
  
  9ba8ddb94adc8f7e935ee4ce266a868d217840d0d42bcb9c3d6615cef9884f14
- SHA512
  
  7addc5880adbb33303cbfeb555a677f783cd5b2866e1aa8f1cbf65c60e931f83afe29e98974efe98bfa0f21b0de324adf18734d7fe007b2e84876df575e8f012
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

upxslavesdarkcomet

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan

© 2018-2024

Terms | Privacy