darkcomet | e8412105090ad0e9d7d905b811afd4c055f69ed631b0b6de8fe34ffac23de890 | Triage

Submit
Reports

Overview

overview

Static

static

3

e841210509...0N.exe

windows7-x64

e841210509...0N.exe

windows10-2004-x64

Sharing

General

Target

e8412105090ad0e9d7d905b811afd4c055f69ed631b0b6de8fe34ffac23de890N.exe
Size

718KB
Sample

241217-bb42qavqew
MD5

7a59e4b586b19bb7e57799e71831bf30
SHA1

260639259b3781deaed92c9c63e196a3b9c100be
SHA256

e8412105090ad0e9d7d905b811afd4c055f69ed631b0b6de8fe34ffac23de890
SHA512

e233cf418db931990a8671b6e1c7e52dc2a7595cb77e913e98c9f2c2150e6b713012cd19f2487761a8e364e320af47741cf7ab53142fe9305d7491a8b76d747c
SSDEEP

12288:QL88mbu2rpKomPPijFbJ34tEZCgWSZkK5VdKbggPdOXwx6vwGpy30Yw6W:b8p2goysF4taCgVRdiNlOQF30V

Score

10^/10

darkcomet fo discovery evasion rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e8412105090ad0e9d7d905b811afd4c055f69ed631b0b6de8fe34ffac23de890N.exe

Resource

win7-20240903-en

darkcomet fo discovery evasion rat trojan upx

windows7-x64

17 signatures

120 seconds

Behavioral task

behavioral2

Sample

e8412105090ad0e9d7d905b811afd4c055f69ed631b0b6de8fe34ffac23de890N.exe

Resource

win10v2004-20241007-en

darkcomet fo discovery evasion rat trojan upx

windows10-2004-x64

18 signatures

120 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

fo

C2

127.0.0.1:1010

46.39.230.61:1010

Mutex

DC_MUTEX-PR2UBLF

Attributes

gencode
ovcHaFsW9bRT
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  e8412105090ad0e9d7d905b811afd4c055f69ed631b0b6de8fe34ffac23de890N.exe
- Size
  
  718KB
- MD5
  
  7a59e4b586b19bb7e57799e71831bf30
- SHA1
  
  260639259b3781deaed92c9c63e196a3b9c100be
- SHA256
  
  e8412105090ad0e9d7d905b811afd4c055f69ed631b0b6de8fe34ffac23de890
- SHA512
  
  e233cf418db931990a8671b6e1c7e52dc2a7595cb77e913e98c9f2c2150e6b713012cd19f2487761a8e364e320af47741cf7ab53142fe9305d7491a8b76d747c
- SSDEEP
  
  12288:QL88mbu2rpKomPPijFbJ34tEZCgWSZkK5VdKbggPdOXwx6vwGpy30Yw6W:b8p2goysF4taCgVRdiNlOQF30V
Score

10^/10

darkcomet fo discovery evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometfodiscoveryevasionrattrojanupx

behavioral2

darkcometfodiscoveryevasionrattrojanupx

© 2018-2024

Terms | Privacy