darkcomet | f462621dede3d3549e07ad96afb2e5a83cdde53c72a1f6ffd8991fab0d5bf520 | Triage

Submit
Reports

Overview

overview

Static

static

f462621ded...20.exe

windows7_x64

f462621ded...20.exe

windows10_x64

Sharing

General

Target

f462621dede3d3549e07ad96afb2e5a83cdde53c72a1f6ffd8991fab0d5bf520
Size

1.5MB
Sample

201106-wf8yw669na
MD5

e0d467443093da7d4657af093a638beb
SHA1

5001e2e1decef170eea09de61d56f122a4394669
SHA256

f462621dede3d3549e07ad96afb2e5a83cdde53c72a1f6ffd8991fab0d5bf520
SHA512

3d7fe94a6d2e0872f6dd73806ef249d99be33988774ce08dd82cc96b60aa31c3b4230d35753757d0d4af054f56f8fce71eaac2d46f87604a7dd9211b64b51b7d

Score

10^/10

darkcomet ��evasion persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

f462621dede3d3549e07ad96afb2e5a83cdde53c72a1f6ffd8991fab0d5bf520.exe

Resource

win7v20201028

darkcomet ��evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f462621dede3d3549e07ad96afb2e5a83cdde53c72a1f6ffd8991fab0d5bf520.exe

Resource

win10v20201028

darkcomet ��evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

��

C2

densyurchikbuc.ddns.net:1604

Mutex

DC_MUTEX-7NQYZ7F

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
Ro21g4F9j7W7
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  f462621dede3d3549e07ad96afb2e5a83cdde53c72a1f6ffd8991fab0d5bf520
- Size
  
  1.5MB
- MD5
  
  e0d467443093da7d4657af093a638beb
- SHA1
  
  5001e2e1decef170eea09de61d56f122a4394669
- SHA256
  
  f462621dede3d3549e07ad96afb2e5a83cdde53c72a1f6ffd8991fab0d5bf520
- SHA512
  
  3d7fe94a6d2e0872f6dd73806ef249d99be33988774ce08dd82cc96b60aa31c3b4230d35753757d0d4af054f56f8fce71eaac2d46f87604a7dd9211b64b51b7d
Score

10^/10

darkcomet ��evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomet��evasionpersistencerattrojan

behavioral2

darkcomet��evasionpersistencerattrojan

© 2018-2024

Terms | Privacy