darkcomet | 75815b436f4c5e3b43320f8e6c547d02e010246a8cb71d45866ed91d97889749 | Triage

Submit
Reports

Overview

overview

Static

static

1dd8334d7e...18.exe

windows7-x64

1dd8334d7e...18.exe

windows10-2004-x64

Sharing

General

Target

1dd8334d7e2acff2caf124c1e949be38_JaffaCakes118
Size

346KB
Sample

240702-3cwkhszbjj
MD5

1dd8334d7e2acff2caf124c1e949be38
SHA1

ba6591c592f084b7ea1a021a76e12bdb1c51b4d9
SHA256

75815b436f4c5e3b43320f8e6c547d02e010246a8cb71d45866ed91d97889749
SHA512

278ae60b5eefa513f79b319ec22a33d07c8cd4b1b12fe255fca04731edaea751bc18d47f70696077ad469e5fdf1fb93004e721d764c7d380771449810cac8a42
SSDEEP

6144:nwT5O7pJmNB6dLY6dCnnsyZLHoaIyv6ocU/qxDS2xDWb3cChWsp5Ve5t+R3IIhIp:nP+NULZdCn3TbncU2D7Ab3vhIIhII

Score

10^/10

darkcomet guest16 persistence rat trojan upx

Static task

static1

upx guest16 darkcomet

3 signatures

Behavioral task

behavioral1

Sample

1dd8334d7e2acff2caf124c1e949be38_JaffaCakes118.exe

Resource

win7-20240508-en

darkcomet guest16 persistence rat trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1dd8334d7e2acff2caf124c1e949be38_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet guest16 persistence rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

anonymsmhc.no-ip.biz:81

Mutex

DC_MUTEX-G7RUCFE

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
T5fjxntrfmuN
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  1dd8334d7e2acff2caf124c1e949be38_JaffaCakes118
- Size
  
  346KB
- MD5
  
  1dd8334d7e2acff2caf124c1e949be38
- SHA1
  
  ba6591c592f084b7ea1a021a76e12bdb1c51b4d9
- SHA256
  
  75815b436f4c5e3b43320f8e6c547d02e010246a8cb71d45866ed91d97889749
- SHA512
  
  278ae60b5eefa513f79b319ec22a33d07c8cd4b1b12fe255fca04731edaea751bc18d47f70696077ad469e5fdf1fb93004e721d764c7d380771449810cac8a42
- SSDEEP
  
  6144:nwT5O7pJmNB6dLY6dCnnsyZLHoaIyv6ocU/qxDS2xDWb3cChWsp5Ve5t+R3IIhIp:nP+NULZdCn3TbncU2D7Ab3vhIIhII
Score

10^/10

darkcomet guest16 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

upxguest16darkcomet

behavioral1

darkcometguest16persistencerattrojanupx

behavioral2

darkcometguest16persistencerattrojanupx

© 2018-2024

Terms | Privacy