darkcomet | ede2bc7e3b42f474384fdf49c38c91bafff7de2820a51abbe78ac5cc9b8852a6 | Triage

Submit
Reports

Overview

overview

Static

static

israbokchat.exe

windows10-2004-x64

Sharing

General

Target

İsrabok.rar
Size

287KB
Sample

240316-sa5ejadc7t
MD5

ed8e565537a3dac2a20df0e693dc0497
SHA1

89542d1ee7f6e84d9d902fad4eb07c76c66d0c68
SHA256

ede2bc7e3b42f474384fdf49c38c91bafff7de2820a51abbe78ac5cc9b8852a6
SHA512

b2f979d0e7bfb736e68124668772be5d6ad1e828da3cdc6ac0405a3258a04d80f30f9102550311e12c71c3891ff8758b99dbedf8f2fd04adcf8aee8d60432030
SSDEEP

6144:0sLNWiQdMhXQJDx6UKcBlogU8dWZ3Hb8FGqh8FimYWqSP8:jLNtQ4XQJd6bcTxQFYFGhYW4

Score

10^/10

darkcomet guest16 evasion rat trojan

Static task

static1

guest16 darkcomet

2 signatures

Behavioral task

behavioral1

Sample

israbokchat.exe

Resource

win10v2004-20240226-en

darkcomet guest16 evasion rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

6.tcp.eu.ngrok.io:12633

Mutex

DC_MUTEX-CMZ8PA7

Attributes

gencode
B5x3C3ZaFyH2
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  israbokchat.exe
- Size
  
  756KB
- MD5
  
  da12c6ff5cd8c76ea98749f8cecca7e0
- SHA1
  
  320f3efb2d9e2f40a2f572600b594f6d0d962ca9
- SHA256
  
  11ac419df5e4ff7f40024c59c4eef2376b73ce230a74d76532e02794965798fc
- SHA512
  
  bc38df1580a168d0c4c83ce15aff98d86f0a96f26ebc12eb1d966ec8370ecdf17786f7c98fbd3496a91c8e33b09070975d667ed55c60d3e3a3c91f9f4570ecfd
- SSDEEP
  
  12288:v9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h9KlKebJR:ZZ1xuVVjfFoynPaVBUR8f+kN10EBPhO
Score

10^/10

darkcomet guest16 evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies security service
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16evasionrattrojan

© 2018-2024

Terms | Privacy