darkcomet | 9434bc83bcf91eea11ec4994e62bf69d123a43106013f3e67ec1e67382fac0ae | Triage

Submit
Reports

Overview

overview

Static

static

deneee.exe

windows7_x64

deneee.exe

windows10-2004_x64

Sharing

General

Target

deneee.bin
Size

658KB
Sample

220618-v2jm9aacbk
MD5

6663d3f6afcb01729e9fb7e9e245c1ee
SHA1

1b7be88046e58cdbb664dfbbfd52727ce3d5d395
SHA256

9434bc83bcf91eea11ec4994e62bf69d123a43106013f3e67ec1e67382fac0ae
SHA512

6859a85eb5fd913dd682ec97df13ebcd9c881037509233adccfe78b7c9b8219ac70575c82f6eb4a65ac5667eeb7dee29a6964dc4d1baa685d40cbac75391a58a

Score

10^/10

darkcomet sazan evasion rat trojan

Static task

static1

sazan darkcomet

Behavioral task

behavioral1

Sample

deneee.exe

Resource

win7-20220414-en

darkcomet evasion rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

deneee.exe

Resource

win10v2004-20220414-en

darkcomet evasion rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

4.tcp.ngrok.io:14402

Mutex

DC_MUTEX-LQH9MR9

Attributes

gencode
r4dACsw8cUmQ
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  deneee.bin
- Size
  
  658KB
- MD5
  
  6663d3f6afcb01729e9fb7e9e245c1ee
- SHA1
  
  1b7be88046e58cdbb664dfbbfd52727ce3d5d395
- SHA256
  
  9434bc83bcf91eea11ec4994e62bf69d123a43106013f3e67ec1e67382fac0ae
- SHA512
  
  6859a85eb5fd913dd682ec97df13ebcd9c881037509233adccfe78b7c9b8219ac70575c82f6eb4a65ac5667eeb7dee29a6964dc4d1baa685d40cbac75391a58a
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan

© 2018-2024

Terms | Privacy