darkcomet | bd776ce9cb5251b38bd212a695e5a9b030ebf1b8f84ee0f055b1b0a852b7b50a | Triage

Submit
Reports

Overview

overview

Static

static

3

1c3f4fee56...18.exe

windows7-x64

1c3f4fee56...18.exe

windows10-2004-x64

Sharing

General

Target

1c3f4fee5646b1174d5d4f50924af0ff_JaffaCakes118
Size

897KB
Sample

240701-x926nsvhkg
MD5

1c3f4fee5646b1174d5d4f50924af0ff
SHA1

4d6b32ff3337020bbe8ee4db9f46d48ce8236756
SHA256

bd776ce9cb5251b38bd212a695e5a9b030ebf1b8f84ee0f055b1b0a852b7b50a
SHA512

38d3ae81fcd6eedaf016a6f1aea9a942dc4e44684cc09c64aac70b398c6456f4017de02a8f71c21a40137da21944f6af017b17f77f61ffe2e9d62979291cfb22
SSDEEP

24576:XaGo7wr6HAslncJgpy2Psjx12xIRZwthcVM:LqAQsCwx1qi1VM

Score

10^/10

darkcomet kurban evasion rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1c3f4fee5646b1174d5d4f50924af0ff_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet kurban evasion rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c3f4fee5646b1174d5d4f50924af0ff_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet kurban evasion rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Kurban

C2

127.0.0.1:81

Mutex

DC_MUTEX-C0CFCCE

Attributes

gencode
67P1Xnr8ZpiX
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  1c3f4fee5646b1174d5d4f50924af0ff_JaffaCakes118
- Size
  
  897KB
- MD5
  
  1c3f4fee5646b1174d5d4f50924af0ff
- SHA1
  
  4d6b32ff3337020bbe8ee4db9f46d48ce8236756
- SHA256
  
  bd776ce9cb5251b38bd212a695e5a9b030ebf1b8f84ee0f055b1b0a852b7b50a
- SHA512
  
  38d3ae81fcd6eedaf016a6f1aea9a942dc4e44684cc09c64aac70b398c6456f4017de02a8f71c21a40137da21944f6af017b17f77f61ffe2e9d62979291cfb22
- SSDEEP
  
  24576:XaGo7wr6HAslncJgpy2Psjx12xIRZwthcVM:LqAQsCwx1qi1VM
Score

10^/10

darkcomet kurban evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometkurbanevasionrattrojanupx

behavioral2

darkcometkurbanevasionrattrojanupx

© 2018-2024

Terms | Privacy