darkcomet | 87f6887fa47e3e48630a5a46fce5a7470a39dc21a3ac79bdd837ea5b754b6e86 | Triage

Submit
Reports

Overview

overview

Static

static

7

f3cc6afc6f...18.exe

windows7-x64

f3cc6afc6f...18.exe

windows10-2004-x64

Sharing

General

Target

f3cc6afc6f9cd465907bdffbf02871be_JaffaCakes118
Size

300KB
Sample

240416-s5v5cadh46
MD5

f3cc6afc6f9cd465907bdffbf02871be
SHA1

5325f67e9370827b35c27c9bb3833cf5ddcba58d
SHA256

87f6887fa47e3e48630a5a46fce5a7470a39dc21a3ac79bdd837ea5b754b6e86
SHA512

343b2a6a98c8d2aecdc9c0eb9c84777b863a6cc1b9d32c6efd3c6da3d0bf523157bab839d32bbdb4d0ea34a5d2850902bc13d49475d9b216d6ba2bfb9062ac0d
SSDEEP

6144:EzrYL/EY/UMDqQHIFkC6ROM6XJuEMyGJod/gb9f8ngcv:tLMCFDqAqRM6XJuEMZJodk1

Score

10^/10

darkcomet guest16 rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f3cc6afc6f9cd465907bdffbf02871be_JaffaCakes118.exe

Resource

win7-20231129-en

darkcomet guest16 rat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f3cc6afc6f9cd465907bdffbf02871be_JaffaCakes118.exe

Resource

win10v2004-20240412-en

darkcomet guest16 rat trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-MES1FBD

Attributes

gencode
M7aL4hgYlh2s
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  f3cc6afc6f9cd465907bdffbf02871be_JaffaCakes118
- Size
  
  300KB
- MD5
  
  f3cc6afc6f9cd465907bdffbf02871be
- SHA1
  
  5325f67e9370827b35c27c9bb3833cf5ddcba58d
- SHA256
  
  87f6887fa47e3e48630a5a46fce5a7470a39dc21a3ac79bdd837ea5b754b6e86
- SHA512
  
  343b2a6a98c8d2aecdc9c0eb9c84777b863a6cc1b9d32c6efd3c6da3d0bf523157bab839d32bbdb4d0ea34a5d2850902bc13d49475d9b216d6ba2bfb9062ac0d
- SSDEEP
  
  6144:EzrYL/EY/UMDqQHIFkC6ROM6XJuEMyGJod/gb9f8ngcv:tLMCFDqAqRM6XJuEMZJodk1
Score

10^/10

darkcomet guest16 rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16rattrojanupx

behavioral2

darkcometguest16rattrojanupx

© 2018-2024

Terms | Privacy