asyncrat | 8ac3491b1b780ca4a8d27e0f729b123473f1eab7f6e918a803197769467ddb91 | Triage

Submit
Reports

Overview

overview

Static

static

DarkComet Fixed.exe

windows7_x64

DarkComet Fixed.exe

windows10-2004_x64

Sharing

General

Target

DarkComet Fixed.exe
Size

12.2MB
Sample

220711-de2f4seban
MD5

9beb9311e16cdb4f441f6de009a51ddc
SHA1

cbea1c03c413710e63016921efa4a5cc7209f293
SHA256

8ac3491b1b780ca4a8d27e0f729b123473f1eab7f6e918a803197769467ddb91
SHA512

b9ba8f94e9f165bd364e07035189ffa6bbc2e97d0c9092b99f0df2b463be43dc9b06d4484a08a847b543801ddeb8a37848f448fc128797af45aecb81ecbdf42c

Score

10^/10

asyncrat darkcomet default guest16 evasion persistence rat trojan

Static task

static1

rat asyncrat darkcomet

Behavioral task

behavioral1

Sample

DarkComet Fixed.exe

Resource

win7-20220414-en

asyncrat darkcomet default guest16 evasion persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DarkComet Fixed.exe

Resource

win10v2004-20220414-en

asyncrat darkcomet default guest16 evasion persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

susiahat24199a.ddns.net:6606

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
true
install_file
JavaUpdate.exe
install_folder
%AppData%

aes.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

sussysdfffdfff343.duckdns.org:1604

Mutex

DC_MUTEX-DPR96FP

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
UxV043A3qL1c
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  DarkComet Fixed.exe
- Size
  
  12.2MB
- MD5
  
  9beb9311e16cdb4f441f6de009a51ddc
- SHA1
  
  cbea1c03c413710e63016921efa4a5cc7209f293
- SHA256
  
  8ac3491b1b780ca4a8d27e0f729b123473f1eab7f6e918a803197769467ddb91
- SHA512
  
  b9ba8f94e9f165bd364e07035189ffa6bbc2e97d0c9092b99f0df2b463be43dc9b06d4484a08a847b543801ddeb8a37848f448fc128797af45aecb81ecbdf42c
Score

10^/10

asyncrat darkcomet default guest16 evasion persistence rat trojan
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers.
  rat asyncrat
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Async RAT payload
  rat
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Winlogon Helper DLL

Modify Existing Service

Hidden Files and Directories

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

ratasyncratdarkcomet

behavioral1

asyncratdarkcometdefaultguest16evasionpersistencerattrojan

behavioral2

asyncratdarkcometdefaultguest16evasionpersistencerattrojan

© 2018-2024

Terms | Privacy