darkcomet | 1111f013a010a57a6739a8d4d0891728547cbbf80e45e77369a05d3423a28915 | Triage

Submit
Reports

Overview

overview

Static

static

NanoCore.exe

windows10-1703-x64

Sharing

General

Target

NanoCore.exe
Size

1.1MB
Sample

230410-rwxq5saa35
MD5

e4aeb7b31d677a5a9a58a4762fab1321
SHA1

a5e7279b6d59236296031ff87976e33fbd8cf34d
SHA256

1111f013a010a57a6739a8d4d0891728547cbbf80e45e77369a05d3423a28915
SHA512

964dda5030a54493aeebb8b478a76ccd98456184224332e66d5b693d311c83da11c360355c8d73e539ebc7b6ed0d0d2e78f65eef0f75d48c64a63cf10411e1fa
SSDEEP

24576:sdZ1xuVVjfFoynPaVBUR8f+kN10EBIQXiClSI5tIkjh:snQDgok30Edb

Score

10^/10

darkcomet nanocore idman evasion keylogger persistence rat spyware stealer trojan

Static task

static1

darkcomet nanocore

2 signatures

Behavioral task

behavioral1

Sample

NanoCore.exe

Resource

win10-20230220-en

darkcomet nanocore idman evasion keylogger persistence rat spyware stealer trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

IDMAN

C2

arrivals.ddns.net:2323

Mutex

DC_MUTEX-391X2ZJ

Attributes

InstallPath
MSDCSC\IDMAN.exe
gencode
CUWbhGwmWBMb
install
true
offline_keylogger
true
persistence
true
reg_key
IDMAN

Targets

- Target
  
  NanoCore.exe
- Size
  
  1.1MB
- MD5
  
  e4aeb7b31d677a5a9a58a4762fab1321
- SHA1
  
  a5e7279b6d59236296031ff87976e33fbd8cf34d
- SHA256
  
  1111f013a010a57a6739a8d4d0891728547cbbf80e45e77369a05d3423a28915
- SHA512
  
  964dda5030a54493aeebb8b478a76ccd98456184224332e66d5b693d311c83da11c360355c8d73e539ebc7b6ed0d0d2e78f65eef0f75d48c64a63cf10411e1fa
- SSDEEP
  
  24576:sdZ1xuVVjfFoynPaVBUR8f+kN10EBIQXiClSI5tIkjh:snQDgok30Edb
Score

10^/10

darkcomet nanocore idman evasion keylogger persistence rat spyware stealer trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

darkcometnanocore

behavioral1

darkcometnanocoreidmanevasionkeyloggerpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy