darkcomet | c9b37efc16b190f11f7607ace2a8f5b60639b716a72321fc3aada925c53aa7ed | Triage

Submit
Reports

Overview

overview

Static

static

3

cdca6cf1ad...96.exe

windows7-x64

cdca6cf1ad...96.exe

windows10-2004-x64

Sharing

General

Target

cdca6cf1adac7a1b0e924e6588b9e096
Size

699KB
Sample

240316-l86xpagh2v
MD5

cdca6cf1adac7a1b0e924e6588b9e096
SHA1

1f0be53bbda5739eea99a8bce2f7602e17ff269e
SHA256

c9b37efc16b190f11f7607ace2a8f5b60639b716a72321fc3aada925c53aa7ed
SHA512

cfccc676c2808c4461846253fc44dd6cc46a7358357822863f967e5e1b1badb51052e4aefa2f9f371d92661be9de01739a33d3da5eae556f66feb1ad79f5a0a3
SSDEEP

12288:vsOW6Q4OWz9h8T+t7bzyHew18LpuVKxTlQrrq+3r5VuGBBNjZfRzV:hW6VXRhVbzyfyR0qMXNjBRZ

Score

10^/10

darkcomet guest16 evasion persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cdca6cf1adac7a1b0e924e6588b9e096.exe

Resource

win7-20240221-en

darkcomet guest16 evasion persistence rat trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

cdca6cf1adac7a1b0e924e6588b9e096.exe

Resource

win10v2004-20240226-en

darkcomet guest16 evasion persistence rat trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

185.113.208.205:1604

Mutex

DC_MUTEX-UCGJZEA

Attributes

InstallPath
NvidiaGraphicSys.exe
gencode
Hdnr2tMwrvAj
install
true
offline_keylogger
true
persistence
true
reg_key
Nvidia Graphics

Targets

- Target
  
  cdca6cf1adac7a1b0e924e6588b9e096
- Size
  
  699KB
- MD5
  
  cdca6cf1adac7a1b0e924e6588b9e096
- SHA1
  
  1f0be53bbda5739eea99a8bce2f7602e17ff269e
- SHA256
  
  c9b37efc16b190f11f7607ace2a8f5b60639b716a72321fc3aada925c53aa7ed
- SHA512
  
  cfccc676c2808c4461846253fc44dd6cc46a7358357822863f967e5e1b1badb51052e4aefa2f9f371d92661be9de01739a33d3da5eae556f66feb1ad79f5a0a3
- SSDEEP
  
  12288:vsOW6Q4OWz9h8T+t7bzyHew18LpuVKxTlQrrq+3r5VuGBBNjZfRzV:hW6VXRhVbzyfyR0qMXNjBRZ
Score

10^/10

darkcomet guest16 evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Windows security bypass
  evasion trojan
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16evasionpersistencerattrojanupx

behavioral2

darkcometguest16evasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy