darkcomet | 43bfc71737bff97fad2484a55e501262e2b25a03aac1a200843f3222f3dcc9a4 | Triage

Submit
Reports

Overview

overview

Static

static

43bfc71737...a4.exe

windows7_x64

43bfc71737...a4.exe

windows10_x64

Sharing

General

Target

43bfc71737bff97fad2484a55e501262e2b25a03aac1a200843f3222f3dcc9a4
Size

658KB
Sample

210903-k5mtzagadq
MD5

bdc9fa03150b08bd14d06c994f5d291e
SHA1

e55517f4b36aacd990888c75158ed3fe319b12ff
SHA256

43bfc71737bff97fad2484a55e501262e2b25a03aac1a200843f3222f3dcc9a4
SHA512

391864de4bb581961b77b12d3e7247a37c0f11ebe120e41fc83f2513133459c2ea7543e566f84da35b6f86588ef891c96db9c671b9515571d3edc693b61f1a46

Score

10^/10

darkcomet kurban evasion rat trojan

Static task

static1

kurban darkcomet

Behavioral task

behavioral1

Sample

43bfc71737bff97fad2484a55e501262e2b25a03aac1a200843f3222f3dcc9a4.exe

Resource

win7-en

darkcomet evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

43bfc71737bff97fad2484a55e501262e2b25a03aac1a200843f3222f3dcc9a4.exe

Resource

win10v20210408

darkcomet evasion rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Kurban

C2

dghc.duckdns.org:6868

Mutex

DC_MUTEX-C66RVZ8

Attributes

gencode
mrGdL8mQN2sD
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  43bfc71737bff97fad2484a55e501262e2b25a03aac1a200843f3222f3dcc9a4
- Size
  
  658KB
- MD5
  
  bdc9fa03150b08bd14d06c994f5d291e
- SHA1
  
  e55517f4b36aacd990888c75158ed3fe319b12ff
- SHA256
  
  43bfc71737bff97fad2484a55e501262e2b25a03aac1a200843f3222f3dcc9a4
- SHA512
  
  391864de4bb581961b77b12d3e7247a37c0f11ebe120e41fc83f2513133459c2ea7543e566f84da35b6f86588ef891c96db9c671b9515571d3edc693b61f1a46
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

kurbandarkcomet

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan

© 2018-2024

Terms | Privacy