darkcomet | e6f6e9187b8471bfef50ecd7bce4356ade32dc1a166f2681969cdbea0b5a8ab3 | Triage

Sharing

General

Target

a72f0a344892c234f13a5d3b7d80e32d_JaffaCakes118
Size

658KB
Sample

241127-lmdzsavlar
MD5

a72f0a344892c234f13a5d3b7d80e32d
SHA1

d9151607c6203902b04e09cd0482ad6a8136d5f4
SHA256

e6f6e9187b8471bfef50ecd7bce4356ade32dc1a166f2681969cdbea0b5a8ab3
SHA512

cbcf9f61ee405345452bc928357a2ad4a597b218afde2ef584771c62418fb38966e06915617ad4adbd4e345757375b357b438a1cf806b496795cebfa02bd24f4
SSDEEP

12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hw:qZ1xuVVjfFoynPaVBUR8f+kN10EBC

Score

10^/10

darkcomet azath0t discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Azath0t

C2

10001110101.no-ip.biz:443

Mutex

DC_MUTEX-YVQEM6N

Attributes

gencode
4xCBXTz3hXCn
install
false
offline_keylogger
true
password
D4rkc0m3T
persistence
false

Targets

- Target
  
  a72f0a344892c234f13a5d3b7d80e32d_JaffaCakes118
- Size
  
  658KB
- MD5
  
  a72f0a344892c234f13a5d3b7d80e32d
- SHA1
  
  d9151607c6203902b04e09cd0482ad6a8136d5f4
- SHA256
  
  e6f6e9187b8471bfef50ecd7bce4356ade32dc1a166f2681969cdbea0b5a8ab3
- SHA512
  
  cbcf9f61ee405345452bc928357a2ad4a597b218afde2ef584771c62418fb38966e06915617ad4adbd4e345757375b357b438a1cf806b496795cebfa02bd24f4
- SSDEEP
  
  12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hw:qZ1xuVVjfFoynPaVBUR8f+kN10EBC
Score

10^/10

darkcomet azath0t discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

azath0tdarkcomet

behavioral1

darkcometazath0tdiscoveryevasionrattrojan

behavioral2

darkcometazath0tdiscoveryevasionrattrojan