darkcomet | 179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931 | Triage

Submit
Reports

Overview

overview

Static

static

5

179bb518d4...31.exe

windows7-x64

179bb518d4...31.exe

windows10-2004-x64

Sharing

General

Target

179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931
Size

2.2MB
Sample

221126-pt4qkada78
MD5

03db752ed2e4a089ff35dd1a339047e2
SHA1

aff6b7424e041ff07f514020c6ecebb516a68812
SHA256

179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931
SHA512

7566067c0304186696847848a3664a00e1066d4ad76b410d5d9b4871c69ac64a790005df69384ace48afd11b5137e05ad4ddd14d64c6f050598cab750ce561c0
SSDEEP

49152:n1vqjd/Q1/Ogdlg9Fy+sX8C+Hxi2UcqvnWkhcZfePLaWexR/HR:n1vqju/O2uOX8CqI99vWkhcZfgGWezfR

Score

10^/10

darkcomet zombie evasion persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931.exe

Resource

win7-20221111-en

darkcomet zombie evasion persistence rat trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931.exe

Resource

win10v2004-20220901-en

darkcomet zombie evasion persistence rat trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Zombie

C2

musicbox.servemp3.com:2890

Mutex

DC_MUTEX-MNV1PW6

Attributes

InstallPath
AppSoft\svchost.exe
gencode
zeZBYFmhM4eU
install
true
offline_keylogger
true
persistence
true
reg_key
msnmsgr

Targets

- Target
  
  179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931
- Size
  
  2.2MB
- MD5
  
  03db752ed2e4a089ff35dd1a339047e2
- SHA1
  
  aff6b7424e041ff07f514020c6ecebb516a68812
- SHA256
  
  179bb518d449769e05c98dffffc1bb17364bf6bc2b5c84dda5097d26faddb931
- SHA512
  
  7566067c0304186696847848a3664a00e1066d4ad76b410d5d9b4871c69ac64a790005df69384ace48afd11b5137e05ad4ddd14d64c6f050598cab750ce561c0
- SSDEEP
  
  49152:n1vqjd/Q1/Ogdlg9Fy+sX8C+Hxi2UcqvnWkhcZfePLaWexR/HR:n1vqju/O2uOX8CqI99vWkhcZfgGWezfR
Score

10^/10

darkcomet zombie evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometzombieevasionpersistencerattrojan

behavioral2

darkcometzombieevasionpersistencerattrojan

© 2018-2024

Terms | Privacy