darkcomet | 9512809ee16fe65b495b07482af36e84f4b7b3bf78988e3d215b222e0aeab4fd | Triage

Sharing

General

Target

9512809ee16fe65b495b07482af36e84f4b7b3bf78988e3d215b222e0aeab4fd
Size

1.1MB
Sample

220524-s3xkdsgcb8
MD5

0efaae568a2ed3caf0c5515042d15f7b
SHA1

e64669c03a8887ee98918274735a90a15455e323
SHA256

9512809ee16fe65b495b07482af36e84f4b7b3bf78988e3d215b222e0aeab4fd
SHA512

85f7224b6a282309c95968636f974ccf21d7d7bf6a6bc72f2c472f3bcf2f3fe7359f7f2b336e8cff6e85db0db5c067e45b6a637fd18c8d4ddc3e878d1b2e33de

Score

10^/10

darkcomet hack evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Hack

C2

127.0.0.1:1604

Mutex

DC_MUTEX-XGQNJH5

Attributes

gencode
q4tALXogPYaS
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  9512809ee16fe65b495b07482af36e84f4b7b3bf78988e3d215b222e0aeab4fd
- Size
  
  1.1MB
- MD5
  
  0efaae568a2ed3caf0c5515042d15f7b
- SHA1
  
  e64669c03a8887ee98918274735a90a15455e323
- SHA256
  
  9512809ee16fe65b495b07482af36e84f4b7b3bf78988e3d215b222e0aeab4fd
- SHA512
  
  85f7224b6a282309c95968636f974ccf21d7d7bf6a6bc72f2c472f3bcf2f3fe7359f7f2b336e8cff6e85db0db5c067e45b6a637fd18c8d4ddc3e878d1b2e33de
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2