darkcomet | 8fb374355555668aa53a5392cb1f28a40e9bfec92b56d534c75535afb359a6af | Triage

Sharing

General

Target

8fb374355555668aa53a5392cb1f28a40e9bfec92b56d534c75535afb359a6af
Size

658KB
Sample

220725-ajlpnsfabq
MD5

2618469009a966d50a96f5d0ece5de29
SHA1

c6b5f023ee29ab7d260269b5d2c8ab991970c9ef
SHA256

8fb374355555668aa53a5392cb1f28a40e9bfec92b56d534c75535afb359a6af
SHA512

201c795dc5920b041c84d4c11c0ecc76126a013dd7a4c08e37ddeda260fc2cc6d91d4bbfb817823ca9d5948c307e4ae2041390d9825aec947040a4274f404fae

Score

10^/10

darkcomet trojan evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

TROJAN

C2

zaharpidor4.ddns.net:1604

Mutex

DC_MUTEX-70W2C6R

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
gsmv1ZVBseQD
install
true
offline_keylogger
true
persistence
true
reg_key
VIRUS

Targets

- Target
  
  8fb374355555668aa53a5392cb1f28a40e9bfec92b56d534c75535afb359a6af
- Size
  
  658KB
- MD5
  
  2618469009a966d50a96f5d0ece5de29
- SHA1
  
  c6b5f023ee29ab7d260269b5d2c8ab991970c9ef
- SHA256
  
  8fb374355555668aa53a5392cb1f28a40e9bfec92b56d534c75535afb359a6af
- SHA512
  
  201c795dc5920b041c84d4c11c0ecc76126a013dd7a4c08e37ddeda260fc2cc6d91d4bbfb817823ca9d5948c307e4ae2041390d9825aec947040a4274f404fae
Score

10^/10

darkcomet trojan evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

trojandarkcomet

behavioral1

darkcomettrojanevasionpersistencerattrojan

behavioral2

darkcomettrojanevasionpersistencerattrojan