darkcomet | 7223a2b0b960aa265adec152a24c63816db1257f92728dbf5693c53404d6cb3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7223a2b0b960aa265adec152a24c63816db1257f92728dbf5693c53404d6cb3e
Size

689KB
Sample

221201-lygvtabe31
MD5

1f8c73bbb1a40ff655eb4ddff51dd3a7
SHA1

2feeed228c20af295242ed977c62434800a8a6da
SHA256

7223a2b0b960aa265adec152a24c63816db1257f92728dbf5693c53404d6cb3e
SHA512

18c63c58a8132b12a25e23524d4912100958e2d136b15d78682c8d3722840fd258fee7c9a488fd3a5243f70d8e3afedd936b6885a6dbd421e602639345039301
SSDEEP

12288:x9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h+g:rZ1xuVVjfFoynPaVBUR8f+kN10EBR

Score

10^/10

darkcomet hf evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

HF

C2

projectx711.no-ip.biz:1604

Mutex

DC_MUTEX-FPKFNTY

Attributes

gencode
ALAQzpeg7j2R
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  7223a2b0b960aa265adec152a24c63816db1257f92728dbf5693c53404d6cb3e
- Size
  
  689KB
- MD5
  
  1f8c73bbb1a40ff655eb4ddff51dd3a7
- SHA1
  
  2feeed228c20af295242ed977c62434800a8a6da
- SHA256
  
  7223a2b0b960aa265adec152a24c63816db1257f92728dbf5693c53404d6cb3e
- SHA512
  
  18c63c58a8132b12a25e23524d4912100958e2d136b15d78682c8d3722840fd258fee7c9a488fd3a5243f70d8e3afedd936b6885a6dbd421e602639345039301
- SSDEEP
  
  12288:x9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h+g:rZ1xuVVjfFoynPaVBUR8f+kN10EBR
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan