darkcomet | 22688d00a7f7a5b417510b1678a294d04344874473ef8516757ee97c189a9822 | Triage

Submit
Reports

Overview

overview

Static

static

22688d00a7...22.exe

windows7-x64

22688d00a7...22.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

22688d00a7f7a5b417510b1678a294d04344874473ef8516757ee97c189a9822
Size

931KB
Sample

221107-tglfnshbal
MD5

0c6822b399ad20c163522393db577547
SHA1

51b2579d90e7028723d6e6c7249e49b12e0d491b
SHA256

22688d00a7f7a5b417510b1678a294d04344874473ef8516757ee97c189a9822
SHA512

22137c4ae81e46c4edc8dfeb5b7038aed0d449b03a3314809440af500dab66f42d7954d081343aceb7fb14a8e6f3e55f45617d5c13c36f5867eacc4dfcd0a722
SSDEEP

24576:DZ1xuVVjfFoynPaVBUR8f+kN10EB1hoM/kp7wZ4:1QDgok30ehAp

Score

10^/10

darkcomet pointblank evasion persistence rat trojan

Static task

static1

pointblank darkcomet

1 signatures

Behavioral task

behavioral1

Sample

22688d00a7f7a5b417510b1678a294d04344874473ef8516757ee97c189a9822.exe

Resource

win7-20220812-en

darkcomet pointblank evasion persistence rat trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

22688d00a7f7a5b417510b1678a294d04344874473ef8516757ee97c189a9822.exe

Resource

win10v2004-20220901-en

darkcomet pointblank evasion persistence rat trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

PointBlank

C2

wcturkojan.zapto.org:1604

Mutex

DC_MUTEX-1Z2Y4KL

Attributes

InstallPath
WRent\svchost.exe
gencode
w1WmBozs2uF8
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  22688d00a7f7a5b417510b1678a294d04344874473ef8516757ee97c189a9822
- Size
  
  931KB
- MD5
  
  0c6822b399ad20c163522393db577547
- SHA1
  
  51b2579d90e7028723d6e6c7249e49b12e0d491b
- SHA256
  
  22688d00a7f7a5b417510b1678a294d04344874473ef8516757ee97c189a9822
- SHA512
  
  22137c4ae81e46c4edc8dfeb5b7038aed0d449b03a3314809440af500dab66f42d7954d081343aceb7fb14a8e6f3e55f45617d5c13c36f5867eacc4dfcd0a722
- SSDEEP
  
  24576:DZ1xuVVjfFoynPaVBUR8f+kN10EB1hoM/kp7wZ4:1QDgok30ehAp
Score

10^/10

darkcomet pointblank evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pointblankdarkcomet

behavioral1

darkcometpointblankevasionpersistencerattrojan

behavioral2

darkcometpointblankevasionpersistencerattrojan

© 2018-2025

Terms | Privacy