darkcomet | 2fa1ab454114dc94dd69ae6e2f2a31270bd7f00e8ea454317791374a767a3cdf | Triage

Submit
Reports

Overview

overview

Static

static

19ae0c3eba...18.exe

windows7-x64

19ae0c3eba...18.exe

windows10-2004-x64

Sharing

General

Target

19ae0c3eba9091ca7daea2db9b5f3f09_JaffaCakes118
Size

649KB
Sample

240628-lskphswarp
MD5

19ae0c3eba9091ca7daea2db9b5f3f09
SHA1

1e9cf220cccc2155aa0d41ae401d584ebb98863a
SHA256

2fa1ab454114dc94dd69ae6e2f2a31270bd7f00e8ea454317791374a767a3cdf
SHA512

dd471891a6e439f9babe91dcd10ce60e9d1a9b2857544224fcd94c96d02c72c5c1a1909497c6f7c060f7021405e66b0ecc1395134f604127d9c1d4692db187d5
SSDEEP

12288:bk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+A:Q0QRWoJEfg0oChGdJQbjPbNW5tYeP+G9

Score

10^/10

darkcomet habbo gen evasion rat trojan

Static task

static1

habbo gen darkcomet

2 signatures

Behavioral task

behavioral1

Sample

19ae0c3eba9091ca7daea2db9b5f3f09_JaffaCakes118.exe

Resource

win7-20240508-en

darkcomet habbo gen evasion rat trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

19ae0c3eba9091ca7daea2db9b5f3f09_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet habbo gen evasion rat trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Habbo Gen

C2

82.41.38.18:1995

Mutex

DC_MUTEX-5WTNQ5D

Attributes

gencode
Qn34A2Y5nQa0
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  19ae0c3eba9091ca7daea2db9b5f3f09_JaffaCakes118
- Size
  
  649KB
- MD5
  
  19ae0c3eba9091ca7daea2db9b5f3f09
- SHA1
  
  1e9cf220cccc2155aa0d41ae401d584ebb98863a
- SHA256
  
  2fa1ab454114dc94dd69ae6e2f2a31270bd7f00e8ea454317791374a767a3cdf
- SHA512
  
  dd471891a6e439f9babe91dcd10ce60e9d1a9b2857544224fcd94c96d02c72c5c1a1909497c6f7c060f7021405e66b0ecc1395134f604127d9c1d4692db187d5
- SSDEEP
  
  12288:bk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+A:Q0QRWoJEfg0oChGdJQbjPbNW5tYeP+G9
Score

10^/10

darkcomet habbo gen evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

habbo gendarkcomet

behavioral1

darkcomethabbo genevasionrattrojan

behavioral2

darkcomethabbo genevasionrattrojan

© 2018-2024

Terms | Privacy