darkcomet | cff9df67e143e90b061018071340e97fcc6a96807ca79ef0c980c3aa0dec8c81 | Triage

Submit
Reports

Overview

overview

Static

static

8

cff9df67e1...81.exe

windows7_x64

cff9df67e1...81.exe

windows10_x64

Sharing

General

Target

cff9df67e143e90b061018071340e97fcc6a96807ca79ef0c980c3aa0dec8c81
Size

253KB
Sample

210511-prpgkg29as
MD5

a4166b3570c3c1165c68c7ceb9aa8c65
SHA1

6f8637d1f10743a9e43abe646b44b7bb63abc1e7
SHA256

cff9df67e143e90b061018071340e97fcc6a96807ca79ef0c980c3aa0dec8c81
SHA512

1953a35d3d6174aee555ffee66070ac02799f1410f7ced6692e3856b1b42e5cf5db4093d3f2feaeda5bd6fde568ae1ce97bfc829d69f31b8d89edff798d4d624

Score

10^/10

darkcomet evasion persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

cff9df67e143e90b061018071340e97fcc6a96807ca79ef0c980c3aa0dec8c81.exe

Resource

win7v20210410

darkcomet evasion persistence rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cff9df67e143e90b061018071340e97fcc6a96807ca79ef0c980c3aa0dec8c81.exe

Resource

win10v20210410

darkcomet evasion persistence rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  cff9df67e143e90b061018071340e97fcc6a96807ca79ef0c980c3aa0dec8c81
- Size
  
  253KB
- MD5
  
  a4166b3570c3c1165c68c7ceb9aa8c65
- SHA1
  
  6f8637d1f10743a9e43abe646b44b7bb63abc1e7
- SHA256
  
  cff9df67e143e90b061018071340e97fcc6a96807ca79ef0c980c3aa0dec8c81
- SHA512
  
  1953a35d3d6174aee555ffee66070ac02799f1410f7ced6692e3856b1b42e5cf5db4093d3f2feaeda5bd6fde568ae1ce97bfc829d69f31b8d89edff798d4d624
Score

10^/10

darkcomet evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojanupx

behavioral2

darkcometevasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy