darkcomet | 8644f9c0bdda59237eddd3272a41a41633abaeff3668ddcd71a54610456288b5 | Triage

Sharing

General

Target

8644f9c0bdda59237eddd3272a41a41633abaeff3668ddcd71a54610456288b5
Size

658KB
Sample

210515-1zpwgh39c6
MD5

f979bb14551c7b5166c2564f0cb81b17
SHA1

8ee1be6c76d7a2a1179564bd0e12bb94a603402c
SHA256

8644f9c0bdda59237eddd3272a41a41633abaeff3668ddcd71a54610456288b5
SHA512

232f74ea88561f67e5a3095b83681e4f35e49e5c877e81c23cf9b04994a299e8fd981e2efae97297e6f4226ad7d7f49bd2ee4eb4d0d9a4162f22dd2749e8af23

Score

10^/10

darkcomet all evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

All

C2

192.168.0.102:1604

192.168.0.102:81

Mutex

DC_MUTEX-GRA2N0X

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
jqHg0YaebT2u
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  8644f9c0bdda59237eddd3272a41a41633abaeff3668ddcd71a54610456288b5
- Size
  
  658KB
- MD5
  
  f979bb14551c7b5166c2564f0cb81b17
- SHA1
  
  8ee1be6c76d7a2a1179564bd0e12bb94a603402c
- SHA256
  
  8644f9c0bdda59237eddd3272a41a41633abaeff3668ddcd71a54610456288b5
- SHA512
  
  232f74ea88561f67e5a3095b83681e4f35e49e5c877e81c23cf9b04994a299e8fd981e2efae97297e6f4226ad7d7f49bd2ee4eb4d0d9a4162f22dd2749e8af23
Score

10^/10

darkcomet all evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometallevasionpersistencerattrojan

behavioral2

darkcometallevasionpersistencerattrojan