darkcomet | 09e297bd89610efce8e83e013b21a175dd47ca1bbb7df5284cf71cd5385daa78 | Triage

Submit
Reports

Overview

overview

Static

static

ware.exe

windows10-2004-x64

Sharing

General

Target

ware.exe
Size

658KB
Sample

240505-xp9d9ade87
MD5

86809c06e4f5bedcffea7f983f2059af
SHA1

53dd293ccf526894885c4dc2ca47b1ddf28e618b
SHA256

09e297bd89610efce8e83e013b21a175dd47ca1bbb7df5284cf71cd5385daa78
SHA512

c6425808f7d772578cdf988e8db92aa46b41672491cdbcf9e649c6ffa369d8ad4eb012412e880f19e8ac1a6ed4cafa05f85438a1be3bc42e6614be4659b35f37
SSDEEP

12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hd:+Z1xuVVjfFoynPaVBUR8f+kN10EBL

Score

10^/10

darkcomet guest16 evasion rat trojan

Static task

static1

guest16 darkcomet

2 signatures

Behavioral task

behavioral1

Sample

ware.exe

Resource

win10v2004-20240419-en

darkcomet guest16 evasion rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

5.39.43.50:1337

Mutex

DC_MUTEX-DPUDTLY

Attributes

gencode
u31d2mspyHez
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  ware.exe
- Size
  
  658KB
- MD5
  
  86809c06e4f5bedcffea7f983f2059af
- SHA1
  
  53dd293ccf526894885c4dc2ca47b1ddf28e618b
- SHA256
  
  09e297bd89610efce8e83e013b21a175dd47ca1bbb7df5284cf71cd5385daa78
- SHA512
  
  c6425808f7d772578cdf988e8db92aa46b41672491cdbcf9e649c6ffa369d8ad4eb012412e880f19e8ac1a6ed4cafa05f85438a1be3bc42e6614be4659b35f37
- SSDEEP
  
  12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hd:+Z1xuVVjfFoynPaVBUR8f+kN10EBL
Score

10^/10

darkcomet guest16 evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16evasionrattrojan

© 2018-2024

Terms | Privacy