darkcomet | 91b88db55d3e58d433e3fa0784ffb1087c551b62e7b366373dc5cd7969ce5dea | Triage

Submit
Reports

Overview

overview

Static

static

91b88db55d...ea.exe

windows7-x64

91b88db55d...ea.exe

windows10-2004-x64

Sharing

General

Target

91b88db55d3e58d433e3fa0784ffb1087c551b62e7b366373dc5cd7969ce5dea
Size

635KB
Sample

221202-rle4caac2x
MD5

83d3b698e3bd42b8fb1c598517fb1875
SHA1

e1832f04e5a77e0750387ec6a5f452059c7aa9da
SHA256

91b88db55d3e58d433e3fa0784ffb1087c551b62e7b366373dc5cd7969ce5dea
SHA512

8f8377d299efb325f302483919bdf08161d3c47823a06901496bff6f8b7bd062a952ef9fbd10a7bd078e762e36eaaf4c9013e58619bb822e8af5173e1479a76f
SSDEEP

12288:spwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/i:WwAcu99lPzvxP+Bsz2XjWTRMQckkIXn6

Score

10^/10

darkcomet evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

91b88db55d3e58d433e3fa0784ffb1087c551b62e7b366373dc5cd7969ce5dea.exe

Resource

win7-20220812-en

darkcomet evasion rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

91b88db55d3e58d433e3fa0784ffb1087c551b62e7b366373dc5cd7969ce5dea.exe

Resource

win10v2004-20220812-en

darkcomet evasion rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  91b88db55d3e58d433e3fa0784ffb1087c551b62e7b366373dc5cd7969ce5dea
- Size
  
  635KB
- MD5
  
  83d3b698e3bd42b8fb1c598517fb1875
- SHA1
  
  e1832f04e5a77e0750387ec6a5f452059c7aa9da
- SHA256
  
  91b88db55d3e58d433e3fa0784ffb1087c551b62e7b366373dc5cd7969ce5dea
- SHA512
  
  8f8377d299efb325f302483919bdf08161d3c47823a06901496bff6f8b7bd062a952ef9fbd10a7bd078e762e36eaaf4c9013e58619bb822e8af5173e1479a76f
- SSDEEP
  
  12288:spwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/i:WwAcu99lPzvxP+Bsz2XjWTRMQckkIXn6
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan

© 2018-2024

Terms | Privacy