darkcomet | c3ad2efee79fb65a92bd30b178f159cabed4410c8dfbc473d3bb9254d687e8d3 | Triage

Submit
Reports

Overview

overview

Static

static

c3ad2efee7...d3.exe

windows7-x64

c3ad2efee7...d3.exe

windows10-2004-x64

Sharing

General

Target

c3ad2efee79fb65a92bd30b178f159cabed4410c8dfbc473d3bb9254d687e8d3
Size

745KB
Sample

221205-xrzb3agb23
MD5

e5524b97e6efec2eec040a8e84014bb8
SHA1

2ba2edb84401acfdc218a3bfb4475dda5a254482
SHA256

c3ad2efee79fb65a92bd30b178f159cabed4410c8dfbc473d3bb9254d687e8d3
SHA512

44643cb2bec7269d09461f4795269340909e6137928bfde46ea57a3928af003d96fd5f894f3c58909dfe11d7db49020430095fb1d0601730066d014c773da271
SSDEEP

12288:c6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfh:xAmBpVKHu0Mu9Xo20VGLVP5

Score

10^/10

darkcomet evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c3ad2efee79fb65a92bd30b178f159cabed4410c8dfbc473d3bb9254d687e8d3.exe

Resource

win7-20221111-en

darkcomet evasion rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

c3ad2efee79fb65a92bd30b178f159cabed4410c8dfbc473d3bb9254d687e8d3.exe

Resource

win10v2004-20221111-en

darkcomet evasion rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  c3ad2efee79fb65a92bd30b178f159cabed4410c8dfbc473d3bb9254d687e8d3
- Size
  
  745KB
- MD5
  
  e5524b97e6efec2eec040a8e84014bb8
- SHA1
  
  2ba2edb84401acfdc218a3bfb4475dda5a254482
- SHA256
  
  c3ad2efee79fb65a92bd30b178f159cabed4410c8dfbc473d3bb9254d687e8d3
- SHA512
  
  44643cb2bec7269d09461f4795269340909e6137928bfde46ea57a3928af003d96fd5f894f3c58909dfe11d7db49020430095fb1d0601730066d014c773da271
- SSDEEP
  
  12288:c6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfh:xAmBpVKHu0Mu9Xo20VGLVP5
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan

© 2018-2024

Terms | Privacy