darkcomet | 6e309f91bda425f0ed2cea66c1f3fd954f68db4c2d948df51b3516ab3f83146d | Triage

Sharing

General

Target

6e309f91bda425f0ed2cea66c1f3fd954f68db4c2d948df51b3516ab3f83146d
Size

1.2MB
Sample

221003-rqggzaahgm
MD5

6db68fd708c703cd425fe8b3f6d07c60
SHA1

238dc0b0b8746bb7d9027963dfc45d17d4108b08
SHA256

6e309f91bda425f0ed2cea66c1f3fd954f68db4c2d948df51b3516ab3f83146d
SHA512

a2f3012b83990d967a682c1acd6c92123b121f3b2a9faaf9fa44ca097dcf8dd394aa1b704237dd1e763e27005200a75c42dcfaa86bdbc8f1974e4f1bad74ea3e
SSDEEP

24576:5vOTggIRfmQX3zRYC6FVZPv+FWe4YsVEz:tjYlDZ3+UTVEz

Score

10^/10

darkcomet guest16 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

bzhacker.no-ip.biz:1604

bzhacker.no-ip.biz:110

bzhacker.no-ip.biz:84

Mutex

DC_MUTEX-92K99GS

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
kLepfPEBxSqW
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  6e309f91bda425f0ed2cea66c1f3fd954f68db4c2d948df51b3516ab3f83146d
- Size
  
  1.2MB
- MD5
  
  6db68fd708c703cd425fe8b3f6d07c60
- SHA1
  
  238dc0b0b8746bb7d9027963dfc45d17d4108b08
- SHA256
  
  6e309f91bda425f0ed2cea66c1f3fd954f68db4c2d948df51b3516ab3f83146d
- SHA512
  
  a2f3012b83990d967a682c1acd6c92123b121f3b2a9faaf9fa44ca097dcf8dd394aa1b704237dd1e763e27005200a75c42dcfaa86bdbc8f1974e4f1bad74ea3e
- SSDEEP
  
  24576:5vOTggIRfmQX3zRYC6FVZPv+FWe4YsVEz:tjYlDZ3+UTVEz
Score

10^/10

darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16persistencerattrojan

behavioral2

darkcometguest16persistencerattrojan