darkcomet | 720398a159636f239c88e55bb75bf52bd7af634d8559b1f5090dbfa5baec8d81 | Triage

Submit
Reports

Overview

overview

Static

static

20c0e7db3a...18.exe

windows7-x64

20c0e7db3a...18.exe

windows10-2004-x64

Sharing

General

Target

20c0e7db3abc359de1ea1b468f66e672_JaffaCakes118
Size

290KB
Sample

240507-ra63paad7t
MD5

20c0e7db3abc359de1ea1b468f66e672
SHA1

c718750922cfa8a84b2996634b042e6d174e0bf6
SHA256

720398a159636f239c88e55bb75bf52bd7af634d8559b1f5090dbfa5baec8d81
SHA512

54df9179e8ebc0fe02f68dd62e8b2f45edbec53562f5b04735b6d4919ccec1719a943c4e5e605f884bda29401b0abb5d6e93898fb7943ead365155fc660d76e5
SSDEEP

6144:ocNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0Pld:ocWkbgTYWnYnt/IDYhPld

Score

10^/10

darkcomet guest16 evasion rat trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

20c0e7db3abc359de1ea1b468f66e672_JaffaCakes118.exe

Resource

win7-20240221-en

darkcomet guest16 evasion rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

20c0e7db3abc359de1ea1b468f66e672_JaffaCakes118.exe

Resource

win10v2004-20240419-en

darkcomet guest16 evasion rat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

Extracted

Family

darkcomet

Botnet

Guest16

C2

amfetominka.myddns.me:56265

amfetominka.myddns.me:52752

103.16.26.83:56265

103.16.26.83:52752

Mutex

DC_MUTEX-G8ZTH20

Attributes

gencode
Sk4vMUC5Mi2q
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  20c0e7db3abc359de1ea1b468f66e672_JaffaCakes118
- Size
  
  290KB
- MD5
  
  20c0e7db3abc359de1ea1b468f66e672
- SHA1
  
  c718750922cfa8a84b2996634b042e6d174e0bf6
- SHA256
  
  720398a159636f239c88e55bb75bf52bd7af634d8559b1f5090dbfa5baec8d81
- SHA512
  
  54df9179e8ebc0fe02f68dd62e8b2f45edbec53562f5b04735b6d4919ccec1719a943c4e5e605f884bda29401b0abb5d6e93898fb7943ead365155fc660d76e5
- SSDEEP
  
  6144:ocNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0Pld:ocWkbgTYWnYnt/IDYhPld
Score

10^/10

darkcomet guest16 evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16evasionrattrojanupx

behavioral2

darkcometguest16evasionrattrojanupx

© 2018-2024

Terms | Privacy