darkcomet | a7c4d788dbcdbb75154a25b57bb71cd1186d412fd776986fac561b74af224efd | Triage

Submit
Reports

Overview

overview

Static

static

Forever

windows7_x64

Resubmissions

08-01-2021 15:21

210108-kdkln37l9x 10

08-01-2021 08:51

210108-fpetcw5rxj 1

Sharing

General

Target

defenderModule.exe
Size

47.9MB
Sample

210108-kdkln37l9x
MD5

8e8bae165f8891a4b74b38fc79f6f159
SHA1

ecc64521a67db9d51625c5e2795536e2d182327e
SHA256

a7c4d788dbcdbb75154a25b57bb71cd1186d412fd776986fac561b74af224efd
SHA512

b5863051f8208b63418b48737a1de0c488594ca6cf6ab4410fa568995d9c8130e388989995b2dde243439aa8f28ddddabbc950ff360a3c33eed51d9ca7b76db0

Score

10^/10

darkcomet xmrig evasion miner rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

defenderModule.exe

Resource

win7v20201028

darkcomet xmrig evasion miner rat trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  defenderModule.exe
- Size
  
  47.9MB
- MD5
  
  8e8bae165f8891a4b74b38fc79f6f159
- SHA1
  
  ecc64521a67db9d51625c5e2795536e2d182327e
- SHA256
  
  a7c4d788dbcdbb75154a25b57bb71cd1186d412fd776986fac561b74af224efd
- SHA512
  
  b5863051f8208b63418b48737a1de0c488594ca6cf6ab4410fa568995d9c8130e388989995b2dde243439aa8f28ddddabbc950ff360a3c33eed51d9ca7b76db0
Score

10^/10

darkcomet xmrig evasion miner rat trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner Payload
  miner
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Scripting

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometxmrigevasionminerrattrojan

© 2018-2024

Terms | Privacy