darkcomet | e5b9281e84cb24c27be96d45f93c01af954cc898fde9cd6450605f9e7ae77d80 | Triage

Submit
Reports

Overview

overview

Static

static

e5b9281e84...80.exe

windows7-x64

e5b9281e84...80.exe

windows10-2004-x64

Sharing

General

Target

e5b9281e84cb24c27be96d45f93c01af954cc898fde9cd6450605f9e7ae77d80
Size

611KB
Sample

221203-dy1c6aah55
MD5

5c898dd2bc147ffad06ac8362d13614c
SHA1

8f8fc1e81ee69b12a06e256d7f0cdceea54d25dd
SHA256

e5b9281e84cb24c27be96d45f93c01af954cc898fde9cd6450605f9e7ae77d80
SHA512

fcfb8dca28fe47b61f2b201ce160854a3c865aa0f049020a2e741df271772d3e0fd71ebb30fa85d2ad80bc3c0dc0c57183a977f5f4082afc4c240c9d6b06b650
SSDEEP

12288:LTqSnzWHA+m3S0fapaJehb2qTvxpGrLRRWDyw4tw+Unzyn6PPr:/qSn4mCSJS1v7GPUz4tYun6n

Score

10^/10

darkcomet guest16 evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

e5b9281e84cb24c27be96d45f93c01af954cc898fde9cd6450605f9e7ae77d80.exe

Resource

win7-20220812-en

darkcomet guest16 evasion rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e5b9281e84cb24c27be96d45f93c01af954cc898fde9cd6450605f9e7ae77d80.exe

Resource

win10v2004-20221111-en

darkcomet guest16 evasion rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

192.168.1.7:1604

87.212.172.69:1604

rattedmyfriend.no-ip.biz:8003

Mutex

DC_MUTEX-E5UH45R

Attributes

gencode
61lo22hTYh4s
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  e5b9281e84cb24c27be96d45f93c01af954cc898fde9cd6450605f9e7ae77d80
- Size
  
  611KB
- MD5
  
  5c898dd2bc147ffad06ac8362d13614c
- SHA1
  
  8f8fc1e81ee69b12a06e256d7f0cdceea54d25dd
- SHA256
  
  e5b9281e84cb24c27be96d45f93c01af954cc898fde9cd6450605f9e7ae77d80
- SHA512
  
  fcfb8dca28fe47b61f2b201ce160854a3c865aa0f049020a2e741df271772d3e0fd71ebb30fa85d2ad80bc3c0dc0c57183a977f5f4082afc4c240c9d6b06b650
- SSDEEP
  
  12288:LTqSnzWHA+m3S0fapaJehb2qTvxpGrLRRWDyw4tw+Unzyn6PPr:/qSn4mCSJS1v7GPUz4tYun6n
Score

10^/10

darkcomet guest16 evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16evasionrattrojanupx

behavioral2

darkcometguest16evasionrattrojanupx

© 2018-2024

Terms | Privacy