darkcomet | 01ed6faee2a9f3aa9122de177ee91709de6c33e05b84ed312ecd9ce5ca1e08c1 | Triage

Submit
Reports

Overview

overview

Static

static

3

01ed6faee2...c1.exe

windows7-x64

01ed6faee2...c1.exe

windows10-2004-x64

Sharing

General

Target

01ed6faee2a9f3aa9122de177ee91709de6c33e05b84ed312ecd9ce5ca1e08c1.exe
Size

718KB
Sample

241217-b54caawpcz
MD5

be3a4de04dc9453290070a13f70f9201
SHA1

254788b5e992cc36bf75311a4c712a06fc14dd29
SHA256

01ed6faee2a9f3aa9122de177ee91709de6c33e05b84ed312ecd9ce5ca1e08c1
SHA512

469f169a25ec9f255dce57d864d2b830f366a90f2c48666adc163870a21378dba6989ae466e5fb9ad40dac122f12ab9cdc2a9b932d98b5a133b7b15ab90f25e1
SSDEEP

12288:QL88mbu2rpKomPPijFbJ34tEZCgWSZkK5VdKbggPdOXwx6vwGpy30Yw6W:b8p2goysF4taCgVRdiNlOQF30V

Score

10^/10

darkcomet fo discovery evasion rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

01ed6faee2a9f3aa9122de177ee91709de6c33e05b84ed312ecd9ce5ca1e08c1.exe

Resource

win7-20240903-en

darkcomet fo discovery evasion rat trojan upx

windows7-x64

17 signatures

120 seconds

Behavioral task

behavioral2

Sample

01ed6faee2a9f3aa9122de177ee91709de6c33e05b84ed312ecd9ce5ca1e08c1.exe

Resource

win10v2004-20241007-en

darkcomet fo discovery evasion rat trojan upx

windows10-2004-x64

18 signatures

120 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

fo

C2

127.0.0.1:1010

46.39.230.61:1010

Mutex

DC_MUTEX-PR2UBLF

Attributes

gencode
ovcHaFsW9bRT
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  01ed6faee2a9f3aa9122de177ee91709de6c33e05b84ed312ecd9ce5ca1e08c1.exe
- Size
  
  718KB
- MD5
  
  be3a4de04dc9453290070a13f70f9201
- SHA1
  
  254788b5e992cc36bf75311a4c712a06fc14dd29
- SHA256
  
  01ed6faee2a9f3aa9122de177ee91709de6c33e05b84ed312ecd9ce5ca1e08c1
- SHA512
  
  469f169a25ec9f255dce57d864d2b830f366a90f2c48666adc163870a21378dba6989ae466e5fb9ad40dac122f12ab9cdc2a9b932d98b5a133b7b15ab90f25e1
- SSDEEP
  
  12288:QL88mbu2rpKomPPijFbJ34tEZCgWSZkK5VdKbggPdOXwx6vwGpy30Yw6W:b8p2goysF4taCgVRdiNlOQF30V
Score

10^/10

darkcomet fo discovery evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometfodiscoveryevasionrattrojanupx

behavioral2

darkcometfodiscoveryevasionrattrojanupx

© 2018-2024

Terms | Privacy