darkcomet | 2a0960a21018740e47266a4aff181e431c9be3a62f967716f71d873cd38e2111 | Triage

Submit
Reports

Overview

overview

Static

static

2a0960a210...11.exe

windows7-x64

2a0960a210...11.exe

windows10-2004-x64

Sharing

General

Target

2a0960a21018740e47266a4aff181e431c9be3a62f967716f71d873cd38e2111
Size

658KB
Sample

221125-ljz3vagc74
MD5

95f8e456ac2d3c5a86b002596fb9015c
SHA1

902684ac2da80970b8d37a683485a8645d10468f
SHA256

2a0960a21018740e47266a4aff181e431c9be3a62f967716f71d873cd38e2111
SHA512

5820bb9fb23e009770f3aa5003b347a7d5730a24eb66eb7380c7b10e4adc679e0491de1bd47002a32985f3bb999e1f340de47905f5a32e9592f1f89934f32b6d
SSDEEP

12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hE:qZ1xuVVjfFoynPaVBUR8f+kN10EB2

Score

10^/10

darkcomet all evasion persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2a0960a21018740e47266a4aff181e431c9be3a62f967716f71d873cd38e2111.exe

Resource

win7-20220812-en

darkcomet all evasion persistence rat trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a0960a21018740e47266a4aff181e431c9be3a62f967716f71d873cd38e2111.exe

Resource

win10v2004-20220812-en

darkcomet all evasion persistence rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

All

C2

deeside.ddns.net:1604

Mutex

DC_MUTEX-Q7AJXN5

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
Xdh5jBJVLZA4
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  2a0960a21018740e47266a4aff181e431c9be3a62f967716f71d873cd38e2111
- Size
  
  658KB
- MD5
  
  95f8e456ac2d3c5a86b002596fb9015c
- SHA1
  
  902684ac2da80970b8d37a683485a8645d10468f
- SHA256
  
  2a0960a21018740e47266a4aff181e431c9be3a62f967716f71d873cd38e2111
- SHA512
  
  5820bb9fb23e009770f3aa5003b347a7d5730a24eb66eb7380c7b10e4adc679e0491de1bd47002a32985f3bb999e1f340de47905f5a32e9592f1f89934f32b6d
- SSDEEP
  
  12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hE:qZ1xuVVjfFoynPaVBUR8f+kN10EB2
Score

10^/10

darkcomet all evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometallevasionpersistencerattrojan

behavioral2

darkcometallevasionpersistencerattrojan

© 2018-2024

Terms | Privacy