Overview

overview

10

Static

static

1

URLScan

urlscan

http://github.com/en...

windows10-2004-x64

10

Resubmissions

01-09-2024 21:29

240901-1b7kaashjf 10

01-09-2024 21:18

240901-z54vtasakp 10

01-09-2024 21:10

240901-zz3qkasekb 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    http://github.com/endermanch

  • Sample

    240901-1b7kaashjf

Score
10/10
darkcometdefense_evasiondiscoveryevasionpersistencerattrojan

Malware Config

Targets

    • Target

      http://github.com/endermanch

    Score
    10/10
    darkcometdefense_evasiondiscoveryevasionpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Downloads MZ/PE file

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks