darkcomet | ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910 | Triage

Sharing

General

Target

ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910
Size

1.9MB
Sample

220524-c9sxsagcfm
MD5

5b6b3ee51c768d0c335799d16e85f5b1
SHA1

604c648cffb3e2e9fb0d3712bf341bb577c8cb81
SHA256

ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910
SHA512

df0de18365acdb919ed044f399e71670157227d6e2dc0fb0425741017650c769dbcd1fb87c2259067905379afca520708a28f9d9dabe528901d2c8d64f907f96

Score

10^/10

darkcomet sazan evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

denemekerem.duckdns.org:1604

Mutex

DC_MUTEX-X97JXCQ

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
ismgUn3CHFuf
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910
- Size
  
  1.9MB
- MD5
  
  5b6b3ee51c768d0c335799d16e85f5b1
- SHA1
  
  604c648cffb3e2e9fb0d3712bf341bb577c8cb81
- SHA256
  
  ed90f1c4dfa869c5f64960eaff5ea82dc33b5d18ccfb5325a55e832739374910
- SHA512
  
  df0de18365acdb919ed044f399e71670157227d6e2dc0fb0425741017650c769dbcd1fb87c2259067905379afca520708a28f9d9dabe528901d2c8d64f907f96
Score

10^/10

darkcomet sazan evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

darkcometsazanevasionrattrojan