darkcomet | ce6c774bcbcb08ee2e11a539a45e70afc1282d04970d52b42020d8c761173b49 | Triage

Submit
Reports

Overview

overview

Static

static

3

eddb245a5d...16.exe

windows7-x64

eddb245a5d...16.exe

windows10-2004-x64

Sharing

General

Target

ce6c774bcbcb08ee2e11a539a45e70afc1282d04970d52b42020d8c761173b49
Size

291KB
Sample

240417-p6pgeagb63
MD5

01513add1d9e805de24784913a252e3f
SHA1

56b34582a34a41a9da3b680fdbe7136a2b343b4e
SHA256

ce6c774bcbcb08ee2e11a539a45e70afc1282d04970d52b42020d8c761173b49
SHA512

f774adc5baad09f3112dca3c088911246fc23a43b831069da12db06de741f75dede47b0b5f69189c71a138355705075f329ae31f446bc45fb16e9a068706e0eb
SSDEEP

6144:ySpeh1zgHkZxm3Dsfo5hHaWA63t40bcj3zNRhWjtKy1f:Fp7EruDsfMhHaWdFbIIjc6

Score

10^/10

darkcomet guest16 evasion persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eddb245a5dc0d8f70ffb66c033cbaa38ea4639d900739c5580bc37d86f258816.exe

Resource

win7-20240221-en

darkcomet guest16 evasion persistence rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

eddb245a5dc0d8f70ffb66c033cbaa38ea4639d900739c5580bc37d86f258816.exe

Resource

win10v2004-20240412-en

darkcomet guest16 evasion persistence rat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

sussynv83dj893.duckdns.org:1604

Mutex

DC_MUTEX-RU83HNV

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
MFz6heXQQ4jP
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  eddb245a5dc0d8f70ffb66c033cbaa38ea4639d900739c5580bc37d86f258816.exe
- Size
  
  350KB
- MD5
  
  220fd88ed61a81dd7238c8385fc8c5f7
- SHA1
  
  b4c6ea98e705912f38816bd4aff085871b1bae80
- SHA256
  
  eddb245a5dc0d8f70ffb66c033cbaa38ea4639d900739c5580bc37d86f258816
- SHA512
  
  355aad3cc89c3d6acaf53a7091903d6b0b4092e1f4c7bc6c41255a7aafce00d3807ddad4b5c027a0437938e17278f7a8d591a085b4e014fff8d6165fdeb6838f
- SSDEEP
  
  6144:hSncRldcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37wxM:Q4jcW7KEZlPzCy37
Score

10^/10

darkcomet guest16 evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16evasionpersistencerattrojanupx

behavioral2

darkcometguest16evasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy