darkcomet | 0aa53c306f231af2bc7097242847e6603b2856d97aa49b36cff179d645d1dd58 | Triage

Submit
Reports

Overview

overview

Static

static

3

0aa53c306f...58.exe

windows7-x64

0aa53c306f...58.exe

windows10-2004-x64

Sharing

General

Target

0aa53c306f231af2bc7097242847e6603b2856d97aa49b36cff179d645d1dd58.exe
Size

3MB
Sample

230706-q4nmrsbh23
MD5

6fe53a251f6e9b6deda81229abf29e49
SHA1

663063a6d3b72f8652f3bf01d5ba060a9ca4e1d2
SHA256

0aa53c306f231af2bc7097242847e6603b2856d97aa49b36cff179d645d1dd58
SHA512

e5b0c8263e9d3850ef592454b892fc09c39b5d91622f7ca5f40b0cb019c1ba2bd09a453c854b7583ae5bd8852f7f5c4af5a31e3f72ba4d530e55886acc1edac2
SSDEEP

98304:3dxPig9KbLS7NYH0VwxA0WjgeG68Nq9Hr2839Y2YXC8bx7wwI3nwiY4gZcafQm6Y:3PigkiH3Fa

Score

10^/10

darkcomet june 2023 evasion persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0aa53c306f231af2bc7097242847e6603b2856d97aa49b36cff179d645d1dd58.exe

Resource

win7-20230703-en

darkcomet june 2023 evasion persistence rat trojan

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

0aa53c306f231af2bc7097242847e6603b2856d97aa49b36cff179d645d1dd58.exe

Resource

win10v2004-20230703-en

darkcomet june 2023 evasion persistence rat trojan

windows10-2004-x64

27 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

JUNE 2023

C2

timmy08.ddns.net:39399

Mutex

DC_MUTEX-23X1DZM

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
Rn451shW1Y0e
install
true
offline_keylogger
true
persistence
true
reg_key
chrome

Targets

- Target
  
  0aa53c306f231af2bc7097242847e6603b2856d97aa49b36cff179d645d1dd58.exe
- Size
  
  3MB
- MD5
  
  6fe53a251f6e9b6deda81229abf29e49
- SHA1
  
  663063a6d3b72f8652f3bf01d5ba060a9ca4e1d2
- SHA256
  
  0aa53c306f231af2bc7097242847e6603b2856d97aa49b36cff179d645d1dd58
- SHA512
  
  e5b0c8263e9d3850ef592454b892fc09c39b5d91622f7ca5f40b0cb019c1ba2bd09a453c854b7583ae5bd8852f7f5c4af5a31e3f72ba4d530e55886acc1edac2
- SSDEEP
  
  98304:3dxPig9KbLS7NYH0VwxA0WjgeG68Nq9Hr2839Y2YXC8bx7wwI3nwiY4gZcafQm6Y:3PigkiH3Fa
Score

10^/10

darkcomet june 2023 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Scheduled Task

Persistence

Winlogon Helper DLL

Modify Existing Service

Hidden Files and Directories

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometjune 2023evasionpersistencerattrojan

behavioral2

darkcometjune 2023evasionpersistencerattrojan

© 2018-2023

Terms | Privacy