darkcomet | hxxps://github[.]com/daedalus/NanoCore/archive/refs/heads/master[.]zip | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

https://github.com/d...

windows10-2004-x64

Sharing

General

Target

https://github.com/daedalus/NanoCore/archive/refs/heads/master.zip
Sample

230310-1f5w9ahc3y

Score

10^/10

darkcomet nanocore idman evasion keylogger persistence rat spyware stealer trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://github.com/daedalus/NanoCore/archive/refs/heads/master.zip

Resource

win10v2004-20230220-en

darkcomet nanocore idman evasion keylogger persistence rat spyware stealer trojan

windows10-2004-x64

24 signatures

1800 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

IDMAN

C2

arrivals.ddns.net:2323

Mutex

DC_MUTEX-391X2ZJ

Attributes

InstallPath
MSDCSC\IDMAN.exe
gencode
CUWbhGwmWBMb
install
true
offline_keylogger
true
persistence
true
reg_key
IDMAN

Targets

- Target
  
  https://github.com/daedalus/NanoCore/archive/refs/heads/master.zip
Score

10^/10

darkcomet nanocore idman evasion keylogger persistence rat spyware stealer trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

darkcometnanocoreidmanevasionkeyloggerpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy