darkcomet | 16c8b807fb271c9fa9257adecc6fedb9b43a7b3ca7e2bce2c5797a68f3895a75 | Triage

Submit
Reports

Overview

overview

Static

static

fdie.exe

windows7-x64

fdie.exe

windows10-1703-x64

fdie.exe

windows10-2004-x64

fdie.exe

windows11-21h2-x64

Sharing

General

Target

fdie.exe
Size

349KB
Sample

240407-k1emsshh54
MD5

16fc0818c01b213c1dda3e2c6500b2b5
SHA1

41782495122094490f024cfc7de8f75c4ea366a1
SHA256

16c8b807fb271c9fa9257adecc6fedb9b43a7b3ca7e2bce2c5797a68f3895a75
SHA512

1a373a5b02eb6389310240a2c51e64f084ba087f2628653806f70da726767a2ce9d6d57c23638825d082027369fc837cbacfa98531b5bbfac355034ab2e0bbf0
SSDEEP

6144:FcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37NRI2RwplSZkOiu9PZ/p:FcW7KEZlPzCy37NxRPNVR

Score

10^/10

darkcomet guest16 evasion rat trojan upx

Static task

static1

upx guest16 darkcomet

3 signatures

Behavioral task

behavioral1

Sample

fdie.exe

Resource

win7-20240221-en

darkcomet guest16 evasion rat trojan upx

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

fdie.exe

Resource

win10-20240404-en

darkcomet guest16 evasion rat trojan upx

windows10-1703-x64

13 signatures

300 seconds

Behavioral task

behavioral3

Sample

fdie.exe

Resource

win10v2004-20240226-en

darkcomet guest16 evasion rat trojan upx

windows10-2004-x64

13 signatures

300 seconds

Behavioral task

behavioral4

Sample

fdie.exe

Resource

win11-20240214-en

darkcomet guest16 evasion rat trojan upx

windows11-21h2-x64

13 signatures

300 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-Z0Y353G

Attributes

gencode
TrmiFnKugxo0
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  fdie.exe
- Size
  
  349KB
- MD5
  
  16fc0818c01b213c1dda3e2c6500b2b5
- SHA1
  
  41782495122094490f024cfc7de8f75c4ea366a1
- SHA256
  
  16c8b807fb271c9fa9257adecc6fedb9b43a7b3ca7e2bce2c5797a68f3895a75
- SHA512
  
  1a373a5b02eb6389310240a2c51e64f084ba087f2628653806f70da726767a2ce9d6d57c23638825d082027369fc837cbacfa98531b5bbfac355034ab2e0bbf0
- SSDEEP
  
  6144:FcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37NRI2RwplSZkOiu9PZ/p:FcW7KEZlPzCy37NxRPNVR
Score

10^/10

darkcomet guest16 evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

upxguest16darkcomet

behavioral1

darkcometguest16evasionrattrojanupx

behavioral2

darkcometguest16evasionrattrojanupx

behavioral3

darkcometguest16evasionrattrojanupx

behavioral4

darkcometguest16evasionrattrojanupx

© 2018-2024

Terms | Privacy