darkcomet

Resubmissions

06-02-2025 15:09

250206-sjg1lazqam 10

31-01-2025 12:44

250131-pylqjswkbw 10

Sharing

Copy URL

Twitter E-mail

General

Target

Liquid Bounce Launcher.zip
Size

7.9MB
Sample

250131-pylqjswkbw
MD5

a28c839f42ee6bfc334d92b84342a3d0
SHA1

b80d9c1cc293ed9297ab5467a7241360fa88aa8d
SHA256

4c8e398a92df2220c894ae9c29cbdde3f17d9ec8d98ecad1bfefae11689395b4
SHA512

55df91d4b0db3e282e1a0bde9d1b02c9b1d411a3c99b4835a47900f104b42ceb5668ca14723afedfd76bc56158118a0fc0a3108bbca95edd806f8c12c4ead9e6
SSDEEP

196608:wcUA4hSc7Kb+dQQT4KVPzVM143oubYx+S5LlYZjBMNhPT+:DwKb+dQQTbPze43jbYx+JBBMNB+

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

j4n6foy.localto.net:2596

Mutex

DC_MUTEX-1R3S01Q

Attributes

gencode
k7nfzKERaShh
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  LiquidBounce 2025/Liquid Bounce Injector.exe
- Size
  
  349KB
- MD5
  
  1166bb4123351851bd9a283654a51cf2
- SHA1
  
  2c53441f4df33453c26474fc3a01815d466b7ac6
- SHA256
  
  5dc4cef5041077ed2feef605b9db580efe0b3bcc86823aef08ab3da19c5e8797
- SHA512
  
  c62b8c3bf41ca424fe2e5e37057bae1273d533270e52a11e72aca3a35c67fc90fad4aaeb92317fe4c72e7480ebed14e5e9099f254a1beb24fe1c9c4131b86687
- SSDEEP
  
  6144:XcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37Jeb:XcW7KEZlPzCy378b
Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Disables Task Manager via registry modification
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  LiquidBounce 2025/LiquidLauncher_0.4.0_x64.exe
- Size
  
  7.7MB
- MD5
  
  3d848a03ca3bad3d3fe6e034991dacbc
- SHA1
  
  a6d799e8238177459e71e1f632ab98ebcd5209f5
- SHA256
  
  d3cc5214c2a268ca00cb3a888ddb66de38f5cf770618e4bbc7ce84a8733c859c
- SHA512
  
  460a34e48b3f4e8d6d4107365b044773db7db6afdf6bde63afa69544d2b4420df88990b0bc78fcf3105a171d405d320b92c4535cc6ce527b10900284e47e813e
- SSDEEP
  
  196608:tz2Zo+rUZ2BUI96CtHp9spuxoOlkds+/1tybxNY1ZPTI:tzuUZ2BUI9THp0uxNlkds5lNY1FI
Score

8^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral2
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  d070f3275df715bf3708beff2c6c307d
- SHA1
  
  93d3725801e07303e9727c4369e19fd139e69023
- SHA256
  
  42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7
- SHA512
  
  fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d
- SSDEEP
  
  96:h8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/H3lkCTcaqHCI:yZIKXgk+cx6QYFkAXlncviI
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6c3f8c94d0727894d706940a8a980543
- SHA1
  
  0d1bcad901be377f38d579aafc0c41c0ef8dcefd
- SHA256
  
  56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
- SHA512
  
  2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
- SSDEEP
  
  96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score

3^/10

discovery
behavioral5
- Target
  
  $PLUGINSDIR/nsis_tauri_utils.dll
- Size
  
  29KB
- MD5
  
  c5bd51b72a0de24a183585da36a160c7
- SHA1
  
  f99a50209a345185a84d34d0e5f66d04c75ff52f
- SHA256
  
  5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266
- SHA512
  
  1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc
- SSDEEP
  
  768:jnvg/4R1C7063G5I1CabuqcFKpnq0jdhK7W+q:jvu4RM2WCqYMX/
Score

3^/10

discovery
behavioral6
- Target
  
  $TEMP/MicrosoftEdgeWebview2Setup.exe
- Size
  
  1.6MB
- MD5
  
  b49d269a231bcf719d6de10f6dcf0692
- SHA1
  
  5de6eb9c7091df08529692650224d89cae8695c3
- SHA256
  
  bde514014b95c447301d9060a221efb439c3c1f5db53415f080d4419db75b27e
- SHA512
  
  8f7c76f9c8f422e80ade13ed60f9d1fabd66fef447018a19f0398f4501c0ecc9cc2c9af3cc4f55d56df8c460a755d70699634c96093885780fc2114449784b5f
- SSDEEP
  
  49152:2iEx3ZsKgbBPetIhztPqpP0NxVjRLhlcoRZ:2issKgbBOIhzV3RhlcoRZ
Score

6^/10

adware discovery persistence privilege_escalation stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral7
- Target
  
  liquidlauncher.exe
- Size
  
  19.1MB
- MD5
  
  24eacd0be82c0f92a3a6955f5072ae4d
- SHA1
  
  fcdb95b88ae026603fe31d78fec06cd49ba896b4
- SHA256
  
  4a0efca2b8bc9aef61ba50dacfd263ee2e2fbe94df730236dc1b831b1b5ad70b
- SHA512
  
  2e51dc8f01680d1ac1d2054a4ac1ebd84333ddc6a72b32adfb68267655796019cad13ca2c0d4b9cb42c2d0425b05265a3ee37f6d56173952db8824859b1036fa
- SSDEEP
  
  196608:LPodHZTm+t4A4H8TKtnFkYk50z/0pYOpqe2tOHCqvQ/M5JfN:2AftFkT50T0pNpqe20HCqY/M5J
Score

1^/10
behavioral8
- Target
  
  uninstall.exe
- Size
  
  75KB
- MD5
  
  6bc0e74cd77f4f7dbe99e8c24919abe8
- SHA1
  
  6415cd94196e1053181c78be7e3aecc0729f2234
- SHA256
  
  36d6a82f046bfa4ca72791548952278d840dcb2ed104307d55336589991b97ed
- SHA512
  
  c359a367f4e3dc81e2a07b1ef470d5d8581fc810691a6b5576021be2a30a88664cda92fa074609bbd7fd5442a7ab246efa0c3211640f77632f58bb6055b3d635
- SSDEEP
  
  1536:DmsAYBdTU9fEAIS2PEtuggdLeAyNZLMbWxDXKAGN14tR+19tTgGq8A3zO:SfY/TU9fE9PEtugceAWMbADXNGN4R+US
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral9
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  68b287f4067ba013e34a1339afdb1ea8
- SHA1
  
  45ad585b3cc8e5a6af7b68f5d8269c97992130b3
- SHA256
  
  18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
- SHA512
  
  06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
- SSDEEP
  
  48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score

3^/10

discovery
behavioral10
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral11
- Target
  
  $PLUGINSDIR/nsis_tauri_utils.dll
- Size
  
  29KB
- MD5
  
  c5bd51b72a0de24a183585da36a160c7
- SHA1
  
  f99a50209a345185a84d34d0e5f66d04c75ff52f
- SHA256
  
  5ef1f010f9a8be4ffe0913616f6c54acf403ee0b83d994821ae4b6716ec1d266
- SHA512
  
  1349027b08c7f82e17f572e035f224a46f33f0a410526cf471b22a74b7904b54d1befb5ea7f23c90079605d4663f1207b8c81a45e218801533d48b6602a93dbc
- SSDEEP
  
  768:jnvg/4R1C7063G5I1CabuqcFKpnq0jdhK7W+q:jvu4RM2WCqYMX/
Score

3^/10

discovery
behavioral12