darkcomet | 7db758016ef62e6f59638c802a2864f02185fecb0376cb30cdec099eb5d68678 | Triage

Sharing

General

Target

7db758016ef62e6f59638c802a2864f02185fecb0376cb30cdec099eb5d68678
Size

756KB
Sample

220725-eymbzaefcp
MD5

a38605fad8fc3709658eda57d21d72ce
SHA1

2b95162d9f5695ba00b3600b368ee397ef91ebf5
SHA256

7db758016ef62e6f59638c802a2864f02185fecb0376cb30cdec099eb5d68678
SHA512

f03628a84d9e76b3be1131fcd6a5ab0606bfa1ce56d8ab4076b0e45c46ea3b5316e85a4adf868115183c02c05da6b1b1516e34e191ba0b52fb81fa714b48f0ab

Score

10^/10

darkcomet kolyan evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Kolyan

C2

127.0.0.1:1604

Mutex

DC_MUTEX-AMRV1MW

Attributes

gencode
cZcxYGR8DzKJ
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  7db758016ef62e6f59638c802a2864f02185fecb0376cb30cdec099eb5d68678
- Size
  
  756KB
- MD5
  
  a38605fad8fc3709658eda57d21d72ce
- SHA1
  
  2b95162d9f5695ba00b3600b368ee397ef91ebf5
- SHA256
  
  7db758016ef62e6f59638c802a2864f02185fecb0376cb30cdec099eb5d68678
- SHA512
  
  f03628a84d9e76b3be1131fcd6a5ab0606bfa1ce56d8ab4076b0e45c46ea3b5316e85a4adf868115183c02c05da6b1b1516e34e191ba0b52fb81fa714b48f0ab
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

kolyan darkcomet

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan