darkcomet | 3bcd710396553dce718e179868b397a4659bce918f796ceadce61822d7f01c4b | Triage

Submit
Reports

Overview

overview

Static

static

3bcd710396...4b.exe

windows7-x64

3bcd710396...4b.exe

windows10-2004-x64

Sharing

General

Target

3bcd710396553dce718e179868b397a4659bce918f796ceadce61822d7f01c4b
Size

251KB
Sample

221001-3nfy7sddhj
MD5

7311b5a44dfce7fb05fbb7a9af3f9e40
SHA1

6580b99ed6ce5ec2257aa7c81cdbe135257807a4
SHA256

3bcd710396553dce718e179868b397a4659bce918f796ceadce61822d7f01c4b
SHA512

05a6f5b5af3c409da7c3b435bfaa519f7aad7362d48b2152ae6a5e0d5f5e0c1f5f37655a41afa47dda771ed1865efb22f2a585702aa498c9a8ebacaa789ded03
SSDEEP

6144:NcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37dh:NcW7KEZlPzCy37n

Score

10^/10

darkcomet guest16 evasion rat trojan upx

Static task

static1

upx guest16 darkcomet

2 signatures

Behavioral task

behavioral1

Sample

3bcd710396553dce718e179868b397a4659bce918f796ceadce61822d7f01c4b.exe

Resource

win7-20220812-en

darkcomet guest16 evasion rat trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

3bcd710396553dce718e179868b397a4659bce918f796ceadce61822d7f01c4b.exe

Resource

win10v2004-20220901-en

darkcomet guest16 evasion rat trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

hnoo17.no-ip.biz:81

Mutex

DC_MUTEX-QRJRZ13

Attributes

gencode
iLoJ9nfDEXca
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  3bcd710396553dce718e179868b397a4659bce918f796ceadce61822d7f01c4b
- Size
  
  251KB
- MD5
  
  7311b5a44dfce7fb05fbb7a9af3f9e40
- SHA1
  
  6580b99ed6ce5ec2257aa7c81cdbe135257807a4
- SHA256
  
  3bcd710396553dce718e179868b397a4659bce918f796ceadce61822d7f01c4b
- SHA512
  
  05a6f5b5af3c409da7c3b435bfaa519f7aad7362d48b2152ae6a5e0d5f5e0c1f5f37655a41afa47dda771ed1865efb22f2a585702aa498c9a8ebacaa789ded03
- SSDEEP
  
  6144:NcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37dh:NcW7KEZlPzCy37n
Score

10^/10

darkcomet guest16 evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

upxguest16darkcomet

behavioral1

darkcometguest16evasionrattrojanupx

behavioral2

darkcometguest16evasionrattrojanupx

© 2018-2024

Terms | Privacy