darkcomet | 44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6 | Triage

Submit
Reports

Overview

overview

Static

static

44e72945b2...d6.exe

windows7_x64

44e72945b2...d6.exe

windows10_x64

Sharing

General

Target

44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6
Size

1.6MB
Sample

210515-lt2t7v2mcx
MD5

49ad81fde492c509161ed75c94e61633
SHA1

0c494c7a110022d19808f6e4dbc9e3e103c912c6
SHA256

44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6
SHA512

08a795ebed9cf08b913f781b866b3e8e0e6cb854e5d224981cb821f2afaea8b9013a1412a266b321f32fcbadd6a12d2018a8cd9f7b9a5843ff7421ec76e97520

Score

10^/10

darkcomet 0006285155275 evasion persistence rat trojan

Static task

static1

0006285155275 darkcomet

Behavioral task

behavioral1

Sample

44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6.exe

Resource

win7v20210408

darkcomet 0006285155275 evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6.exe

Resource

win10v20210410

darkcomet 0006285155275 evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

0006285155275

C2

wsws.myftp.org:2222

Mutex

DC_MUTEX-HB8VFRH

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
GixsKsK0q5Nb
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6
- Size
  
  1.6MB
- MD5
  
  49ad81fde492c509161ed75c94e61633
- SHA1
  
  0c494c7a110022d19808f6e4dbc9e3e103c912c6
- SHA256
  
  44e72945b261534ce07e4af390ecc8ba876999b71589e0100f30634509196bd6
- SHA512
  
  08a795ebed9cf08b913f781b866b3e8e0e6cb854e5d224981cb821f2afaea8b9013a1412a266b321f32fcbadd6a12d2018a8cd9f7b9a5843ff7421ec76e97520
Score

10^/10

darkcomet 0006285155275 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

0006285155275darkcomet

behavioral1

darkcomet0006285155275evasionpersistencerattrojan

behavioral2

darkcomet0006285155275evasionpersistencerattrojan

© 2018-2024

Terms | Privacy