darkcomet | 803ba3d37287521035a8bdd6ebfe42f211aa98fdbec5b5e25af7748f786313ba | Triage

Submit
Reports

Overview

overview

Static

static

803ba3d372...ba.exe

windows7_x64

803ba3d372...ba.exe

windows10-2004_x64

Sharing

General

Target

803ba3d37287521035a8bdd6ebfe42f211aa98fdbec5b5e25af7748f786313ba
Size

658KB
Sample

220520-3wfy6scean
MD5

c9f2633623802b25ef05ed1f0368c6f7
SHA1

3408dbb4ae9b08f527c25fdcfe3719b45bde95f9
SHA256

803ba3d37287521035a8bdd6ebfe42f211aa98fdbec5b5e25af7748f786313ba
SHA512

86df127aa8c5ed2f6f1ad1766d8f5f49eec73bd6c8a9898750b260321392b7e7f4ac0d8b81748ab4d308276d8e1fa31bc303d99d750056668fd4b5059880fbd3

Score

10^/10

darkcomet guest16 evasion rat trojan

Static task

static1

guest16 darkcomet

Behavioral task

behavioral1

Sample

803ba3d37287521035a8bdd6ebfe42f211aa98fdbec5b5e25af7748f786313ba.exe

Resource

win7-20220414-en

darkcomet evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

803ba3d37287521035a8bdd6ebfe42f211aa98fdbec5b5e25af7748f786313ba.exe

Resource

win10v2004-20220414-en

darkcomet evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

tresha.ddns.net:1604

tresha.ddns.net:27015

Mutex

DC_MUTEX-P6P932C

Attributes

gencode
C3gbA0cRLfCf
install
false
offline_keylogger
false
persistence
false

Targets

- Target
  
  803ba3d37287521035a8bdd6ebfe42f211aa98fdbec5b5e25af7748f786313ba
- Size
  
  658KB
- MD5
  
  c9f2633623802b25ef05ed1f0368c6f7
- SHA1
  
  3408dbb4ae9b08f527c25fdcfe3719b45bde95f9
- SHA256
  
  803ba3d37287521035a8bdd6ebfe42f211aa98fdbec5b5e25af7748f786313ba
- SHA512
  
  86df127aa8c5ed2f6f1ad1766d8f5f49eec73bd6c8a9898750b260321392b7e7f4ac0d8b81748ab4d308276d8e1fa31bc303d99d750056668fd4b5059880fbd3
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan

© 2018-2024

Terms | Privacy