darkcomet | d230c75cac484403eb21527cfb791b0f26bedc51ea31de00c726701d7910930c | Triage

Submit
Reports

Overview

overview

Static

static

3

07e743a748...18.exe

windows7-x64

07e743a748...18.exe

windows10-2004-x64

3

Sharing

General

Target

07e743a748a1bbb51e47e0682b6943ef_JaffaCakes118
Size

832KB
Sample

240624-l9qbbsxaqb
MD5

07e743a748a1bbb51e47e0682b6943ef
SHA1

57a4417642f65f41c6b70396da8e8e77583e64f3
SHA256

d230c75cac484403eb21527cfb791b0f26bedc51ea31de00c726701d7910930c
SHA512

4ac1f451dccfd240a5f82f8ab8b6048e1f83961e9b4ec6e2cdd9ea4c9117f207b2fa853b52225c8c530e0c9d5411f08e7ccf56123d98ceb620af5f0b1ed7a43b
SSDEEP

24576:vO8DaU7loMReFXbjQpy7oGAN4nriXvLAePZl3LH:vraalsFXbjCy7s+ryvX3

Score

10^/10

darkcomet guest16 aspackv2 evasion persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

07e743a748a1bbb51e47e0682b6943ef_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet guest16 aspackv2 evasion persistence rat trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

07e743a748a1bbb51e47e0682b6943ef_JaffaCakes118.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

badrou.no-ip.org:1604

pidrou.no-ip.org:1604

192.168.0.10:1604

Mutex

DC_MUTEX-9X4GYAK

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
Eb2ew6104y4G
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  07e743a748a1bbb51e47e0682b6943ef_JaffaCakes118
- Size
  
  832KB
- MD5
  
  07e743a748a1bbb51e47e0682b6943ef
- SHA1
  
  57a4417642f65f41c6b70396da8e8e77583e64f3
- SHA256
  
  d230c75cac484403eb21527cfb791b0f26bedc51ea31de00c726701d7910930c
- SHA512
  
  4ac1f451dccfd240a5f82f8ab8b6048e1f83961e9b4ec6e2cdd9ea4c9117f207b2fa853b52225c8c530e0c9d5411f08e7ccf56123d98ceb620af5f0b1ed7a43b
- SSDEEP
  
  24576:vO8DaU7loMReFXbjQpy7oGAN4nriXvLAePZl3LH:vraalsFXbjCy7s+ryvX3
Score

10^/10

darkcomet guest16 aspackv2 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16aspackv2evasionpersistencerattrojan

behavioral2

© 2018-2024

Terms | Privacy