darkcomet | 2f4e1635621b1535d4157c9d6bc98cc7a343878d430cc61def7397e270e8fab2 | Triage

Submit
Reports

Overview

overview

Static

static

8

2f4e163562...b2.exe

windows7_x64

2f4e163562...b2.exe

windows10_x64

Sharing

General

Target

2f4e1635621b1535d4157c9d6bc98cc7a343878d430cc61def7397e270e8fab2
Size

283KB
Sample

201113-77nv6rvc72
MD5

3e2ee0a9428aa04ca0bab47fc1304cad
SHA1

776234c1122d01ff366c089e2dbcc074f366fd6d
SHA256

2f4e1635621b1535d4157c9d6bc98cc7a343878d430cc61def7397e270e8fab2
SHA512

ee1f4d4f25ba2e226f5d0e09706b77a2cb2559bffdc27262a04a3561ebff39cb2214f158c7fce22907b4596039cc7fc3dc67fa69e6b76f17141ac0a0b88560a9

Score

10^/10

darkcomet evasion persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

2f4e1635621b1535d4157c9d6bc98cc7a343878d430cc61def7397e270e8fab2.exe

Resource

win7v20201028

darkcomet evasion persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2f4e1635621b1535d4157c9d6bc98cc7a343878d430cc61def7397e270e8fab2.exe

Resource

win10v20201028

darkcomet evasion persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2f4e1635621b1535d4157c9d6bc98cc7a343878d430cc61def7397e270e8fab2
- Size
  
  283KB
- MD5
  
  3e2ee0a9428aa04ca0bab47fc1304cad
- SHA1
  
  776234c1122d01ff366c089e2dbcc074f366fd6d
- SHA256
  
  2f4e1635621b1535d4157c9d6bc98cc7a343878d430cc61def7397e270e8fab2
- SHA512
  
  ee1f4d4f25ba2e226f5d0e09706b77a2cb2559bffdc27262a04a3561ebff39cb2214f158c7fce22907b4596039cc7fc3dc67fa69e6b76f17141ac0a0b88560a9
Score

10^/10

darkcomet evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojanupx

behavioral2

darkcometevasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy