darkcomet | 56b237b519bf0ff53cde47321e1420800ef7f8d1f29739e8137db59050837d56 | Triage

Sharing

General

Target

56b237b519bf0ff53cde47321e1420800ef7f8d1f29739e8137db59050837d56
Size

658KB
Sample

220520-17k16ahhfr
MD5

9a10fd9402f430eaf52a7dbb562997c9
SHA1

7c2978c9229eb9b1a85235d164d002f84e99f005
SHA256

56b237b519bf0ff53cde47321e1420800ef7f8d1f29739e8137db59050837d56
SHA512

e8d3d11dd79bef2beaa2acc69198b5089b402fbbb1397db8a54995cb6bdea8b970c78376c77ca6810ab68bb1bf282eae34f8d6f22959952ab853aa9691602080

Score

10^/10

darkcomet guest16 evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

agamon888.hopto.org:1604

Mutex

DC_MUTEX-15WRC0Z

Attributes

gencode
NnWs4Qut2Lls
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  56b237b519bf0ff53cde47321e1420800ef7f8d1f29739e8137db59050837d56
- Size
  
  658KB
- MD5
  
  9a10fd9402f430eaf52a7dbb562997c9
- SHA1
  
  7c2978c9229eb9b1a85235d164d002f84e99f005
- SHA256
  
  56b237b519bf0ff53cde47321e1420800ef7f8d1f29739e8137db59050837d56
- SHA512
  
  e8d3d11dd79bef2beaa2acc69198b5089b402fbbb1397db8a54995cb6bdea8b970c78376c77ca6810ab68bb1bf282eae34f8d6f22959952ab853aa9691602080
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan