Extracted

• • Target

    DarkComet.exe

  • Size

    8.2MB

  • MD5

    c6641cb74bdd9e7f003dc6c9e67e1cab

  • SHA1

    5251c38bfcc670befbb9f8bf77df70edd96ab07b

  • SHA256

    cc38b7bb164fefe0d0d71a17cb09fb055b1cc14c2793ffa6341f70a7425fb249

  • SHA512

    daba3b53a0fa0f0018d259364dfb5a417b00d9ff9688ca38a006a3cfa1ef9e86b4aadb70c444ed14944467024546570367324f71ce100deaaf3f39598ba2e874

  • SSDEEP

    196608:z/pm75SOeWhEbgEpO2QfUG/f5rVcPU/YKdoAVY5pBoEOFD:51/UgQ/9VcPUJBSROl

  Score

  10^/10

  darkcometxwormdiscoveryexecutionpersistenceprivilege_escalationrattrojan

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet

  • Darkcomet family

    darkcomet

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Executes dropped EXE

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1