darkcomet | 9a8d9acaad5491f3bace47f75de44fcec18d966d9224c0c33b092de9f5ac5180 | Triage

Submit
Reports

Overview

overview

Static

static

24b1352f5a...18.exe

windows7-x64

24b1352f5a...18.exe

windows10-2004-x64

Sharing

General

Target

24b1352f5a83c1a4312d9f5107ab4c49_JaffaCakes118
Size

251KB
Sample

240508-nt8tvaag2x
MD5

24b1352f5a83c1a4312d9f5107ab4c49
SHA1

e7748fbc5d762ca129f1c5d5a63d12ef0bbe479f
SHA256

9a8d9acaad5491f3bace47f75de44fcec18d966d9224c0c33b092de9f5ac5180
SHA512

7595b8f840f587e53509e0f7127e5de48f0351ddacc38affbc92f1918e5b816fd83394bb6db8c13f387c768845e9ce7288610d183fd63953956573979a981ff7
SSDEEP

6144:JcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PHQ:JcWkbgTYWnYnt/IDYhP

Score

10^/10

darkcomet guest16 evasion rat trojan upx

Static task

static1

upx guest16 darkcomet

3 signatures

Behavioral task

behavioral1

Sample

24b1352f5a83c1a4312d9f5107ab4c49_JaffaCakes118.exe

Resource

win7-20240221-en

darkcomet guest16 evasion rat trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

24b1352f5a83c1a4312d9f5107ab4c49_JaffaCakes118.exe

Resource

win10v2004-20240419-en

darkcomet guest16 evasion rat trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-XBAVWJC

Attributes

gencode
ZfsZ1D19rBuA
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  24b1352f5a83c1a4312d9f5107ab4c49_JaffaCakes118
- Size
  
  251KB
- MD5
  
  24b1352f5a83c1a4312d9f5107ab4c49
- SHA1
  
  e7748fbc5d762ca129f1c5d5a63d12ef0bbe479f
- SHA256
  
  9a8d9acaad5491f3bace47f75de44fcec18d966d9224c0c33b092de9f5ac5180
- SHA512
  
  7595b8f840f587e53509e0f7127e5de48f0351ddacc38affbc92f1918e5b816fd83394bb6db8c13f387c768845e9ce7288610d183fd63953956573979a981ff7
- SSDEEP
  
  6144:JcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PHQ:JcWkbgTYWnYnt/IDYhP
Score

10^/10

darkcomet guest16 evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

upxguest16darkcomet

behavioral1

darkcometguest16evasionrattrojanupx

behavioral2

darkcometguest16evasionrattrojanupx

© 2018-2024

Terms | Privacy