darkcomet | c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a | Triage

Submit
Reports

Overview

overview

Static

static

c904da90e4...4a.exe

windows7-x64

c904da90e4...4a.exe

windows10-2004-x64

Sharing

General

Target

c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a
Size

253KB
Sample

221003-tldlmaebdr
MD5

4f58ca7bf2bdb17cef34246ae67f0c39
SHA1

954c249f615a88ea3072a0bb58f3f439f66defb8
SHA256

c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a
SHA512

f0dd425f38ece5b44465b7a9b023816bb1bf9560650ca184e488f0c8290b7ae548d233d59f36262c402df4ef8302f81b0f25d189eb8ca4240e44c62822154a41
SSDEEP

6144:ED7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZ:El8E4w5huat7UovONzbXw

Score

10^/10

darkcomet guest16 evasion rat trojan upx

Static task

static1

upx guest16 darkcomet

2 signatures

Behavioral task

behavioral1

Sample

c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a.exe

Resource

win7-20220812-en

darkcomet guest16 evasion rat trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a.exe

Resource

win10v2004-20220812-en

darkcomet guest16 evasion rat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

192.168.2.101:1604

87.156.187.155:1604

Mutex

DC_MUTEX-WP4DNE0

Attributes

gencode
03mWNfCYgk9F
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a
- Size
  
  253KB
- MD5
  
  4f58ca7bf2bdb17cef34246ae67f0c39
- SHA1
  
  954c249f615a88ea3072a0bb58f3f439f66defb8
- SHA256
  
  c904da90e4830fd5c5b559c3bf758a6f81e91a8a71735182dd1f41a95e341e4a
- SHA512
  
  f0dd425f38ece5b44465b7a9b023816bb1bf9560650ca184e488f0c8290b7ae548d233d59f36262c402df4ef8302f81b0f25d189eb8ca4240e44c62822154a41
- SSDEEP
  
  6144:ED7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZ:El8E4w5huat7UovONzbXw
Score

10^/10

darkcomet guest16 evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

upxguest16darkcomet

behavioral1

darkcometguest16evasionrattrojanupx

behavioral2

darkcometguest16evasionrattrojanupx

© 2018-2024

Terms | Privacy