darkcomet

Resubmissions

05/02/2025, 07:30

250205-jb9afaxrdl 10

05/02/2025, 07:08

250205-hx7s3axlak 10

01/10/2022, 23:07

221001-235ensceam 10

Sharing

Copy URL

Twitter E-mail

General

Target

0314ff92c271ae0a6a2c0d8d166fa32e0bd0f5625a2013a8fe7c8e9247102b07
Size

582KB
Sample

221001-235ensceam
MD5

6ee8965f23ab498defe80b79ab2ca52c
SHA1

0d74605007a81bf44052dcf43385b236d9401c66
SHA256

0314ff92c271ae0a6a2c0d8d166fa32e0bd0f5625a2013a8fe7c8e9247102b07
SHA512

9a2461be0b72addcff49e91bdb030a12a2de3ce21125b0fc1061f906c3c4790ebf3ea9495c87d24aa5c4e6619b5f558738346fe102f8bc3278c4431557f969d3
SSDEEP

12288:3w3BadD1/+wudvYWgktZiE0SJObe2HhcduQ6H6fI:GadVpupYWgktZigsS2Haub6

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

DataProtector13.05.2013

vierus330.no-ip.org:9751

Mutex

DCMIN_MUTEX-P9NPCV7

Attributes

gencode
Ch5FEfuRL0mp
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  0314ff92c271ae0a6a2c0d8d166fa32e0bd0f5625a2013a8fe7c8e9247102b07
- Size
  
  582KB
- MD5
  
  6ee8965f23ab498defe80b79ab2ca52c
- SHA1
  
  0d74605007a81bf44052dcf43385b236d9401c66
- SHA256
  
  0314ff92c271ae0a6a2c0d8d166fa32e0bd0f5625a2013a8fe7c8e9247102b07
- SHA512
  
  9a2461be0b72addcff49e91bdb030a12a2de3ce21125b0fc1061f906c3c4790ebf3ea9495c87d24aa5c4e6619b5f558738346fe102f8bc3278c4431557f969d3
- SSDEEP
  
  12288:3w3BadD1/+wudvYWgktZiE0SJObe2HhcduQ6H6fI:GadVpupYWgktZigsS2Haub6
Score

10^/10

darkcomet dataprotector13.05.2013 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Modifies WinLogon for persistence

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Drops desktop.ini file(s)

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2