darkcomet | 62a1ff600ffae28164b1012e08717a87a2ab69fa49f165204092a449201b07c6 | Triage

Submit
Reports

Overview

overview

Static

static

8

62a1ff600f...c6.exe

windows7_x64

62a1ff600f...c6.exe

windows10_x64

Sharing

General

Target

62a1ff600ffae28164b1012e08717a87a2ab69fa49f165204092a449201b07c6
Size

283KB
Sample

201108-vv17dabp3a
MD5

250c1edca599ee5249e355479e43cbed
SHA1

3bf1484a1b5cbbee4b04f97c6c6922d9a5453d3c
SHA256

62a1ff600ffae28164b1012e08717a87a2ab69fa49f165204092a449201b07c6
SHA512

c358655cb6244abae04634451ef2d8b2fa4d7b226d4473d92eed4b05a5bbaa5c42be67e00a98edc75bea50a7468ca62b0153696ce6c789223bcbcb70d025c774

Score

10^/10

darkcomet evasion persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

62a1ff600ffae28164b1012e08717a87a2ab69fa49f165204092a449201b07c6.exe

Resource

win7v20201028

darkcomet evasion persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

62a1ff600ffae28164b1012e08717a87a2ab69fa49f165204092a449201b07c6.exe

Resource

win10v20201028

darkcomet evasion persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  62a1ff600ffae28164b1012e08717a87a2ab69fa49f165204092a449201b07c6
- Size
  
  283KB
- MD5
  
  250c1edca599ee5249e355479e43cbed
- SHA1
  
  3bf1484a1b5cbbee4b04f97c6c6922d9a5453d3c
- SHA256
  
  62a1ff600ffae28164b1012e08717a87a2ab69fa49f165204092a449201b07c6
- SHA512
  
  c358655cb6244abae04634451ef2d8b2fa4d7b226d4473d92eed4b05a5bbaa5c42be67e00a98edc75bea50a7468ca62b0153696ce6c789223bcbcb70d025c774
Score

10^/10

darkcomet evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojanupx

behavioral2

darkcometevasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy