darkcomet | d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab | Triage

Submit
Reports

Overview

overview

Static

static

d35485fe44...ab.exe

windows7_x64

d35485fe44...ab.exe

windows10_x64

Sharing

General

Target

d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab
Size

659KB
Sample

210921-kh5q9sbegk
MD5

5bfa0be4efc7ffb3b6e2cd63b78fbb5b
SHA1

92031a89f86535db2085ed43dd8034e905169c6f
SHA256

d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab
SHA512

f797d3be2e3f99a621be6a0dcc0e4e1cb0bb3263192feae27828b5adf234e350d7adf84f383ef2adb6ccccce0a95a0f6e9a93601a57a48e5f35aed5f218f7130

Score

10^/10

darkcomet guest16 evasion persistence rat trojan

Static task

static1

guest16 darkcomet

Behavioral task

behavioral1

Sample

d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab.exe

Resource

win7v20210408

darkcomet evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab.exe

Resource

win10v20210408

darkcomet evasion persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

6.tcp.ngrok.io:19838

6.tcp.ngrok.io:1604

Mutex

DC_MUTEX-R7Y8PG9

Attributes

InstallPath
Java/exe
gencode
aE8nfjsgA5tn
install
true
offline_keylogger
true
persistence
true
reg_key
Java

Targets

- Target
  
  d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab
- Size
  
  659KB
- MD5
  
  5bfa0be4efc7ffb3b6e2cd63b78fbb5b
- SHA1
  
  92031a89f86535db2085ed43dd8034e905169c6f
- SHA256
  
  d35485fe44100a4643b22dc9ccaf443a4e98890710ee52701147e2144cf164ab
- SHA512
  
  f797d3be2e3f99a621be6a0dcc0e4e1cb0bb3263192feae27828b5adf234e350d7adf84f383ef2adb6ccccce0a95a0f6e9a93601a57a48e5f35aed5f218f7130
Score

10^/10

darkcomet evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometevasionpersistencerattrojan

behavioral2

darkcometevasionpersistencerattrojan

© 2018-2024

Terms | Privacy