darkcomet | 61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc | Triage

Submit
Reports

Overview

overview

Static

static

61aa788c92...dc.exe

windows7-x64

61aa788c92...dc.exe

windows10-2004-x64

Sharing

General

Target

61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc
Size

658KB
Sample

220730-y9rwdafac6
MD5

674f4d8ef4964657adf1aa84d1a4bd22
SHA1

fd837d847f4840edb6cc1218f1ea59a7813bfc96
SHA256

61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc
SHA512

eea4f665c5233d8ecfaecf3fbc59b52d9a5dc62b8ce4d2c17c261d53d75841756df27a1f1ae96d63bcade4bd6213599d92f975d5df809b7669a47ca4a7126d84

Score

10^/10

darkcomet guest16 evasion persistence rat trojan

Static task

static1

guest16 darkcomet

1 signatures

Behavioral task

behavioral1

Sample

61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc.exe

Resource

win7-20220715-en

darkcomet guest16 evasion persistence rat trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc.exe

Resource

win10v2004-20220721-en

darkcomet guest16 evasion persistence rat trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

cometka321.ddns.net:1604

Mutex

DC_MUTEX-JZ5G2G4

Attributes

InstallPath
Windows\msdcsc.exe
gencode
TjzE59HsqfK5
install
true
offline_keylogger
true
persistence
true
reg_key
WindowsUpdate

Targets

- Target
  
  61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc
- Size
  
  658KB
- MD5
  
  674f4d8ef4964657adf1aa84d1a4bd22
- SHA1
  
  fd837d847f4840edb6cc1218f1ea59a7813bfc96
- SHA256
  
  61aa788c92173825ed5c7898d6b475fb7263851324dd2e0051ef6691a42466dc
- SHA512
  
  eea4f665c5233d8ecfaecf3fbc59b52d9a5dc62b8ce4d2c17c261d53d75841756df27a1f1ae96d63bcade4bd6213599d92f975d5df809b7669a47ca4a7126d84
Score

10^/10

darkcomet guest16 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16evasionpersistencerattrojan

behavioral2

darkcometguest16evasionpersistencerattrojan

© 2018-2024

Terms | Privacy