darkcomet | ad206e7fc904702cc39366ee348202e3b8bf5c38074f1b2b2bb3485f2d69f203 | Triage

Sharing

General

Target

ad206e7fc904702cc39366ee348202e3b8bf5c38074f1b2b2bb3485f2d69f203
Size

690KB
Sample

221129-rhyraafg46
MD5

75a3b3a00d77c8dd6c223025dfe09723
SHA1

a64b85df7e57ae76b7164d66ed3e5446fdb7a343
SHA256

ad206e7fc904702cc39366ee348202e3b8bf5c38074f1b2b2bb3485f2d69f203
SHA512

595198542fa9df70e200487a40669edcda2ec2f216ddcca286212ef176d37bb91e4e680a3f03af019c7796e64299d0e5f65be2eb109cf66e76d80967b5b3e06a
SSDEEP

12288:Z9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hGE:jZ1xuVVjfFoynPaVBUR8f+kN10EBN

Score

10^/10

darkcomet hacked evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Hacked

C2

md5ppn.no-ip.org:5656

md5ppn.no-ip.biz:5656

md5ppn.no-ip.biz:20012

md5ppn.no-ip.org:20012

md5ppn.no-ip.org:81

md5ppn.no-ip.biz:81

Mutex

DC_MUTEX-48S18PP

Attributes

gencode
akgYhyGRHyyK
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  ad206e7fc904702cc39366ee348202e3b8bf5c38074f1b2b2bb3485f2d69f203
- Size
  
  690KB
- MD5
  
  75a3b3a00d77c8dd6c223025dfe09723
- SHA1
  
  a64b85df7e57ae76b7164d66ed3e5446fdb7a343
- SHA256
  
  ad206e7fc904702cc39366ee348202e3b8bf5c38074f1b2b2bb3485f2d69f203
- SHA512
  
  595198542fa9df70e200487a40669edcda2ec2f216ddcca286212ef176d37bb91e4e680a3f03af019c7796e64299d0e5f65be2eb109cf66e76d80967b5b3e06a
- SSDEEP
  
  12288:Z9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hGE:jZ1xuVVjfFoynPaVBUR8f+kN10EBN
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

hackeddarkcomet

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan