darkcomet | ace79191841e2cef9a1b173291a601aca640efa1c973509b05947361ac963ba9 | Triage

Sharing

General

Target

BootstrapperV1.24.exe
Size

658KB
Sample

241006-qdacfsvgrn
MD5

3ee0372d64df6ea69e4b0fb4fce81897
SHA1

b9a7f1fea7171003b0aa657f4dd850583fd07cf0
SHA256

ace79191841e2cef9a1b173291a601aca640efa1c973509b05947361ac963ba9
SHA512

992d8fcca00089d45f1a196193911e68454c45ce9cae1e899cb0f7f00f32a325d2879f28d57585180e52107eeeea5490d20c800e6c7621f0b712851dac79c6a4
SSDEEP

12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hg:eZ1xuVVjfFoynPaVBUR8f+kN10EBy

Score

10^/10

darkcomet guest16 discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

onsj8tw.localto.net:1604

onsj8tw.localto.net:4441

Mutex

DC_MUTEX-X7H0HND

Attributes

gencode
3oxLrHdzjqV0
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  BootstrapperV1.24.exe
- Size
  
  658KB
- MD5
  
  3ee0372d64df6ea69e4b0fb4fce81897
- SHA1
  
  b9a7f1fea7171003b0aa657f4dd850583fd07cf0
- SHA256
  
  ace79191841e2cef9a1b173291a601aca640efa1c973509b05947361ac963ba9
- SHA512
  
  992d8fcca00089d45f1a196193911e68454c45ce9cae1e899cb0f7f00f32a325d2879f28d57585180e52107eeeea5490d20c800e6c7621f0b712851dac79c6a4
- SSDEEP
  
  12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hg:eZ1xuVVjfFoynPaVBUR8f+kN10EBy
Score

10^/10

darkcomet guest16 discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Windows security modification
  evasion trojan
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16discoveryevasionrattrojan