darkcomet | f7e8ffdaadf7b099fe4a98a522d11948a6fab2081292dbd570ed055f558f0662 | Triage

Sharing

General

Target

f7e8ffdaadf7b099fe4a98a522d11948a6fab2081292dbd570ed055f558f0662
Size

689KB
Sample

220524-q44nzsdbb6
MD5

9e25e98bed41833e4e27afd395dff950
SHA1

cadf77649528213974c44cfd5986b00258f8675d
SHA256

f7e8ffdaadf7b099fe4a98a522d11948a6fab2081292dbd570ed055f558f0662
SHA512

7183a0861e543c991b60fd8dc8d2d697d5dca99f86ee5db1230f3f4f8f240c9a6cf52cb6a5d5d2928825c40ffe144100b40112003f61c77af49f61e634f1068c

Score

10^/10

darkcomet sazan evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

192.168.1.35:10048

85.98.16.112:10048

Mutex

DC_MUTEX-MZ06QGD

Attributes

gencode
8jTGSKmcudjq
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  f7e8ffdaadf7b099fe4a98a522d11948a6fab2081292dbd570ed055f558f0662
- Size
  
  689KB
- MD5
  
  9e25e98bed41833e4e27afd395dff950
- SHA1
  
  cadf77649528213974c44cfd5986b00258f8675d
- SHA256
  
  f7e8ffdaadf7b099fe4a98a522d11948a6fab2081292dbd570ed055f558f0662
- SHA512
  
  7183a0861e543c991b60fd8dc8d2d697d5dca99f86ee5db1230f3f4f8f240c9a6cf52cb6a5d5d2928825c40ffe144100b40112003f61c77af49f61e634f1068c
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

darkcometevasionrattrojan