darkcomet | e9977b64d7e74740113223020df3526a75574fde5e1004e4937dd2799a290fd5 | Triage

Sharing

General

Target

e9977b64d7e74740113223020df3526a75574fde5e1004e4937dd2799a290fd5
Size

764KB
Sample

221003-qfzecsggc4
MD5

46a672f6e852bd37395495f7a8d7f790
SHA1

70fe5eb7f66daef78e117b3d032fdc0b5605fed4
SHA256

e9977b64d7e74740113223020df3526a75574fde5e1004e4937dd2799a290fd5
SHA512

8d87c50f2090f66d4fff9fa5b52c01fa4f6ca74b4ecc644b24c6a520debcbb8d1f3e044ca96f66cdd70c6224d7d4dbbd3c9002b3a4665098d4f196d3ed426c0e
SSDEEP

12288:NNxpH49zf8v8VhfmbhIYvbO0C1m4JSqsj4LQ6eBWMAI++1p:NNH49L8ShMuh1/2j4LQ1B+a

Score

10^/10

darkcomet hacked evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

HACKED

C2

njhostaddbots.no-ip.org:1604

Mutex

DC_MUTEX-5LR8UFZ

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
JQrCNZocD9Jw
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  e9977b64d7e74740113223020df3526a75574fde5e1004e4937dd2799a290fd5
- Size
  
  764KB
- MD5
  
  46a672f6e852bd37395495f7a8d7f790
- SHA1
  
  70fe5eb7f66daef78e117b3d032fdc0b5605fed4
- SHA256
  
  e9977b64d7e74740113223020df3526a75574fde5e1004e4937dd2799a290fd5
- SHA512
  
  8d87c50f2090f66d4fff9fa5b52c01fa4f6ca74b4ecc644b24c6a520debcbb8d1f3e044ca96f66cdd70c6224d7d4dbbd3c9002b3a4665098d4f196d3ed426c0e
- SSDEEP
  
  12288:NNxpH49zf8v8VhfmbhIYvbO0C1m4JSqsj4LQ6eBWMAI++1p:NNH49L8ShMuh1/2j4LQ1B+a
Score

10^/10

darkcomet hacked evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomethackedevasionpersistencerattrojan

behavioral2

darkcomethackedevasionpersistencerattrojan