darkcomet

General

Target

9f34ffb9db0deb98e578205ce3d652d40c846b2246249549e941778bdb0decca
Size

253KB
Sample

220521-a2zn9aebfq
MD5

b1370b69078107ef24488a3fb2b6bd3b
SHA1

130053af4941c3957edd1f6cc06e636b2dc74093
SHA256

9f34ffb9db0deb98e578205ce3d652d40c846b2246249549e941778bdb0decca
SHA512

4e8621020d1f79d7f0a6937033aaf66adcea13913e23b788fa2257c32de08ead33ffc29117ed94e9feb44168c5da40e63ad331c2f628a4d678fb55aa0d00d239

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

lmao1.ddns.net:81

Mutex

DC_MUTEX-PQ6KE8F

Attributes

gencode
x37euWtJPYdW
install
false
offline_keylogger
false
password
123456
persistence
false

Targets

- Target
  
  9f34ffb9db0deb98e578205ce3d652d40c846b2246249549e941778bdb0decca
- Size
  
  253KB
- MD5
  
  b1370b69078107ef24488a3fb2b6bd3b
- SHA1
  
  130053af4941c3957edd1f6cc06e636b2dc74093
- SHA256
  
  9f34ffb9db0deb98e578205ce3d652d40c846b2246249549e941778bdb0decca
- SHA512
  
  4e8621020d1f79d7f0a6937033aaf66adcea13913e23b788fa2257c32de08ead33ffc29117ed94e9feb44168c5da40e63ad331c2f628a4d678fb55aa0d00d239
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

2

T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies firewall policy service

Modifies security service

Windows security bypass

Windows security modification

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2