darkcomet | 3d91747df27fa6094fc3ee6f93d115288aa6a5d3414fdc970e9669624d796d58 | Triage

Sharing

General

Target

3d91747df27fa6094fc3ee6f93d115288aa6a5d3414fdc970e9669624d796d58
Size

691KB
Sample

221020-1qw24agbe6
MD5

a0225368087bee96ce530d10cc9dc300
SHA1

89438fe4a2c079ec4fe5e0ca439d3dcec6926c55
SHA256

3d91747df27fa6094fc3ee6f93d115288aa6a5d3414fdc970e9669624d796d58
SHA512

2ea3c7ae1c20bff1b65736ccc8574333222bf2303fc27c9ad9b794e729361372daa0fa6e182ab0c255118b74b2dabe567f51659db9649ceeccb417029a2ef6e4
SSDEEP

12288:QXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uq:2nAw2WWeFcfbP9VPSPMTSPL/rWvzq4J6

Score

10^/10

darkcomet tim evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

TIM

C2

gamescree.zapto.org:1604

Mutex

DC_MUTEX-CJNAMP6

Attributes

gencode
7phHtxGluQyW
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  3d91747df27fa6094fc3ee6f93d115288aa6a5d3414fdc970e9669624d796d58
- Size
  
  691KB
- MD5
  
  a0225368087bee96ce530d10cc9dc300
- SHA1
  
  89438fe4a2c079ec4fe5e0ca439d3dcec6926c55
- SHA256
  
  3d91747df27fa6094fc3ee6f93d115288aa6a5d3414fdc970e9669624d796d58
- SHA512
  
  2ea3c7ae1c20bff1b65736ccc8574333222bf2303fc27c9ad9b794e729361372daa0fa6e182ab0c255118b74b2dabe567f51659db9649ceeccb417029a2ef6e4
- SSDEEP
  
  12288:QXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uq:2nAw2WWeFcfbP9VPSPMTSPL/rWvzq4J6
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan