darkcomet | 1c21cb19240f4e2b1ec3490c54a437b84345f41298ccc3d5c17fe8bf3dd16ba3 | Triage

Submit
Reports

Overview

overview

Static

static

3

$$dinamikC...$$.exe

windows10-2004-x64

Resubmissions

19-02-2024 05:10

240219-ftyd4shh9y 10

Sharing

General

Target

$$dinamikCristal$$.exe
Size

746KB
Sample

240219-ftyd4shh9y
MD5

54090521d667d44350d72b066c6f242a
SHA1

20424c81eb3b6bd68467333f7e45e60f7571518a
SHA256

1c21cb19240f4e2b1ec3490c54a437b84345f41298ccc3d5c17fe8bf3dd16ba3
SHA512

fde7c2f5f2558bf315e567898f93bffa9320670ebddb6bbba66541c3a93f21737398ed7d1dd134086bb9e9cdd00f580f434ac210dd68e57a371df855af3222bc
SSDEEP

12288:jBdlwHRn+WlYV+8T+tkpeZuCWbKeYQjL7niHpwrcURuwSs/Y:jBkVdlYAKc1WmEjL7niHpwrcU2s/Y

Score

10^/10

darkcomet guest16 evasion rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

$$dinamikCristal$$.exe

Resource

win10v2004-20231215-en

darkcomet guest16 evasion rat trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

4.tcp.eu.ngrok.io:16885

4.tcp.eu.ngrok.io:1604

Mutex

DC_MUTEX-Z4PMKKC

Attributes

gencode
42mAfR1mKy33
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  $$dinamikCristal$$.exe
- Size
  
  746KB
- MD5
  
  54090521d667d44350d72b066c6f242a
- SHA1
  
  20424c81eb3b6bd68467333f7e45e60f7571518a
- SHA256
  
  1c21cb19240f4e2b1ec3490c54a437b84345f41298ccc3d5c17fe8bf3dd16ba3
- SHA512
  
  fde7c2f5f2558bf315e567898f93bffa9320670ebddb6bbba66541c3a93f21737398ed7d1dd134086bb9e9cdd00f580f434ac210dd68e57a371df855af3222bc
- SSDEEP
  
  12288:jBdlwHRn+WlYV+8T+tkpeZuCWbKeYQjL7niHpwrcURuwSs/Y:jBkVdlYAKc1WmEjL7niHpwrcU2s/Y
Score

10^/10

darkcomet guest16 evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16evasionrattrojanupx

© 2018-2024

Terms | Privacy