Overview

overview

10

Static

static

186a7cfa0d...7e.exe

windows7-x64

10

186a7cfa0d...7e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    186a7cfa0dd16e0d931c32b5617766416b8a09d00fda23b49f6e5aa60bd4a47e

  • Size

    851KB

  • Sample

    221130-n9j6eshd77

  • MD5

    11809afb3c3e1777e6efbb5a426641b0

  • SHA1

    ef713e6840fa0a049af9816bbdbec262ac5af08e

  • SHA256

    186a7cfa0dd16e0d931c32b5617766416b8a09d00fda23b49f6e5aa60bd4a47e

  • SHA512

    31d67debfad7af652d494a02fba26bd6fe66900b7ef51769f3aed6b9329028d63a1ac55704ad3221f894e5d637ecbfab6a68b261ed232c30657247d3759ca8c3

  • SSDEEP

    24576:A////c5a2YepX2JNU4G55l1FbHcoluFLhA:/HYepVj1Fb8o8

Score
10/10
darkcometnew452012evasionrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

New452012

C2

airjosh977.no-ip.biz:100

Mutex

DC_MUTEX-T577G6G

Attributes
  • gencode

    WrgUMHjTbCs4

  • install

    false

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    false

Targets

    • Target

      186a7cfa0dd16e0d931c32b5617766416b8a09d00fda23b49f6e5aa60bd4a47e

    • Size

      851KB

    • MD5

      11809afb3c3e1777e6efbb5a426641b0

    • SHA1

      ef713e6840fa0a049af9816bbdbec262ac5af08e

    • SHA256

      186a7cfa0dd16e0d931c32b5617766416b8a09d00fda23b49f6e5aa60bd4a47e

    • SHA512

      31d67debfad7af652d494a02fba26bd6fe66900b7ef51769f3aed6b9329028d63a1ac55704ad3221f894e5d637ecbfab6a68b261ed232c30657247d3759ca8c3

    • SSDEEP

      24576:A////c5a2YepX2JNU4G55l1FbHcoluFLhA:/HYepVj1Fb8o8

    Score
    10/10
    darkcometnew452012evasionrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

2
T1031

Privilege Escalation

Defense Evasion

Modify Registry

5
T1112

Disabling Security Tools

2
T1089

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks