darkcomet | 2243df2e91e114754b72250f4bb753edfc6d6dc6518656cad0890f743dca22f5 | Triage

Submit
Reports

Overview

overview

Static

static

2243df2e91...f5.exe

windows7-x64

2243df2e91...f5.exe

windows10-2004-x64

Sharing

General

Target

2243df2e91e114754b72250f4bb753edfc6d6dc6518656cad0890f743dca22f5
Size

756KB
Sample

221128-qw1mcsfh82
MD5

2fa4b346f9d431e8bbfa63e6f1dcf6a1
SHA1

e8601bf601a9a2d0b1871fa49a05aab1cefec1b9
SHA256

2243df2e91e114754b72250f4bb753edfc6d6dc6518656cad0890f743dca22f5
SHA512

64cb8d487c9dd36204bcb0fba11b2c7ec384049221bf35ce2076242b63559f26010dbaca9bf962df9faf818d1549bec7153b41cccec8b188f2b116cda48138b4
SSDEEP

12288:n9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hVsvv/:BZ1xuVVjfFoynPaVBUR8f+kN10EBsvv/

Score

10^/10

darkcomet r1 evasion persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2243df2e91e114754b72250f4bb753edfc6d6dc6518656cad0890f743dca22f5.exe

Resource

win7-20220812-en

darkcomet r1 evasion persistence rat trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

2243df2e91e114754b72250f4bb753edfc6d6dc6518656cad0890f743dca22f5.exe

Resource

win10v2004-20221111-en

darkcomet r1 evasion persistence rat trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

R1

C2

csgohackzz.ddns.net:1096

Mutex

DC_MUTEX-46JEUN6

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
X6gK8NP6mhLx
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  2243df2e91e114754b72250f4bb753edfc6d6dc6518656cad0890f743dca22f5
- Size
  
  756KB
- MD5
  
  2fa4b346f9d431e8bbfa63e6f1dcf6a1
- SHA1
  
  e8601bf601a9a2d0b1871fa49a05aab1cefec1b9
- SHA256
  
  2243df2e91e114754b72250f4bb753edfc6d6dc6518656cad0890f743dca22f5
- SHA512
  
  64cb8d487c9dd36204bcb0fba11b2c7ec384049221bf35ce2076242b63559f26010dbaca9bf962df9faf818d1549bec7153b41cccec8b188f2b116cda48138b4
- SSDEEP
  
  12288:n9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hVsvv/:BZ1xuVVjfFoynPaVBUR8f+kN10EBsvv/
Score

10^/10

darkcomet r1 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometr1evasionpersistencerattrojan

behavioral2

darkcometr1evasionpersistencerattrojan

© 2018-2024

Terms | Privacy