darkcomet | 1c18e114b3f7d6744d43288a16d1acfaf95d6c694d3e729109d13621fe9b6afd | Triage

Submit
Reports

Overview

overview

Static

static

1

1c18e114b3...fd.exe

windows7-x64

1c18e114b3...fd.exe

windows10-2004-x64

Sharing

General

Target

1c18e114b3f7d6744d43288a16d1acfaf95d6c694d3e729109d13621fe9b6afd
Size

3.9MB
Sample

241023-xpk2navfkc
MD5

0b900f1e0009adf08ac7c57878e2f84c
SHA1

36d4f6be34343653cb6ffef7bc278603bcf446c1
SHA256

1c18e114b3f7d6744d43288a16d1acfaf95d6c694d3e729109d13621fe9b6afd
SHA512

b3934d8404bdbeeacab1b8c4dd7d8e94cf4c94124e938660a3088d814e89bdf3d4339b8570e3f63615db7759ebb5e0de0fbfb9e6bd0c3849fff36d7d18d51757
SSDEEP

98304:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5CN:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBN

Score

10^/10

darkcomet discovery persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

1c18e114b3f7d6744d43288a16d1acfaf95d6c694d3e729109d13621fe9b6afd.exe

Resource

win7-20240903-en

darkcomet discovery persistence rat trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c18e114b3f7d6744d43288a16d1acfaf95d6c694d3e729109d13621fe9b6afd.exe

Resource

win10v2004-20241007-en

darkcomet discovery persistence rat trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  1c18e114b3f7d6744d43288a16d1acfaf95d6c694d3e729109d13621fe9b6afd
- Size
  
  3.9MB
- MD5
  
  0b900f1e0009adf08ac7c57878e2f84c
- SHA1
  
  36d4f6be34343653cb6ffef7bc278603bcf446c1
- SHA256
  
  1c18e114b3f7d6744d43288a16d1acfaf95d6c694d3e729109d13621fe9b6afd
- SHA512
  
  b3934d8404bdbeeacab1b8c4dd7d8e94cf4c94124e938660a3088d814e89bdf3d4339b8570e3f63615db7759ebb5e0de0fbfb9e6bd0c3849fff36d7d18d51757
- SSDEEP
  
  98304:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBAlB6D4tyX6kuT4IkQApCgvms0Cv05J5CN:8lX3KMj7yBNUVPhd5G0Z5DxdM3hZpmBN
Score

10^/10

darkcomet discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojanupx

behavioral2

darkcometdiscoverypersistencerattrojanupx

© 2018-2024

Terms | Privacy