General

  • Target

    1efce611a10b2b45dfc71a87c5139c92393ece8e4db9e265a77a0b056caede56

  • Size

    658KB

  • Sample

    221003-tlr41sebeq

  • MD5

    614ce4fee5035cc7235bddebcaabc110

  • SHA1

    b017d98de4c13cd68b0101d5b8d29fe076035c3f

  • SHA256

    1efce611a10b2b45dfc71a87c5139c92393ece8e4db9e265a77a0b056caede56

  • SHA512

    fc4c04accde8bda3f37b87485e3104a5c8c5973de4bbdb6423925fc233bef4e38f709159334b5cf0d4fd83671b92ceb4afe9d8ca6997eb017560940e0f570a5b

  • SSDEEP

    12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hS:+Z1xuVVjfFoynPaVBUR8f+kN10EBo

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-6733SW3

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    9o7YY6EvlazS

  • install

    true

  • offline_keylogger

    false

  • persistence

    false

  • reg_key

    MicroUpdate
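The attributes above are the fields a DarkComet stub carries in its encrypted DCDATA resource. The following is an added example, not code from the report or from DarkComet itself, showing how such a blob is decoded and mapped onto the attribute names used here. It assumes the layout published in open-source DarkComet decoders: the resource is an upper-case hex string of RC4 ciphertext, the RC4 key is a per-version constant (the 5.x key is "#KCMDDC51#-890"), and the plaintext is a "#BEGIN DARKCOMET DATA --" block of KEY={VALUE} lines such as MUTEX, NETDATA, SID, GENCODE, INSTALL, EDTPATH, KEYNAME, PERSINST and OFFLINEK. Because a real resource cannot be reproduced on this page, the sample blob is constructed inside the block by encrypting the report's own values with the 5.1 key.

```python
import binascii
import re

# RC4 keys DarkComet builds are publicly reported to use, newest first.
# Assumption: taken from public decoders, not from the report above.
KNOWN_KEYS = [
    b"#KCMDDC51#-890",   # 5.1 / 5.3
    b"#KCMDDC5#-890",    # 5.0
    b"#KCMDDC42F#-890",  # 4.2F
    b"#KCMDDC42#-890",   # 4.2
    b"#KCMDDC4#-890",    # 4.0
    b"#KCMDDC2#-890",    # 3.x
]
BEGIN_MARKER = b"#BEGIN DARKCOMET DATA --"   # assumption: header of the decrypted block
FIELD_RE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_dcdata(hex_blob: str):
    """Try each known key against a hex-encoded DCDATA blob.
    Returns (key, plaintext) for the first key that yields the config header,
    or (None, None) if none fits (rebuilt stub, newer version, not DarkComet)."""
    raw = binascii.unhexlify(hex_blob.strip())
    for key in KNOWN_KEYS:
        plain = rc4(key, raw)
        if plain.startswith(BEGIN_MARKER):
            return key, plain.decode("latin-1")
    return None, None


def parse_fields(plaintext: str) -> dict:
    """Turn KEY={VALUE} lines into a dict; lines that do not match are ignored."""
    fields = {}
    for line in plaintext.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def to_report(fields: dict) -> dict:
    """Map DarkComet's field names onto the attribute names used in the report."""
    def flag(name):
        return fields.get(name) == "1"
    return {
        "mutex": fields.get("MUTEX"),
        "c2": fields.get("NETDATA"),
        "botnet": fields.get("SID"),
        "gencode": fields.get("GENCODE"),
        "install": flag("INSTALL"),
        "install_path": fields.get("EDTPATH"),
        "reg_key": fields.get("KEYNAME"),
        "persistence": flag("PERSINST"),
        "offline_keylogger": flag("OFFLINEK"),
    }


def extract_config(hex_blob: str):
    """Full pipeline: returns (key, report_dict) or None when no key decrypts it."""
    key, plain = decrypt_dcdata(hex_blob)
    if key is None:
        return None
    return key, to_report(parse_fields(plain))


# Constructed input: the report's values laid out as a DCDATA block, encrypted
# here with the 5.1 key and hex-encoded. This stands in for the resource you
# would carve out of the real sample with a PE parser.
SAMPLE_PLAINTEXT = "\r\n".join([
    "#BEGIN DARKCOMET DATA --",
    "MUTEX={DC_MUTEX-6733SW3}",
    "SID={Guest16}",
    "NETDATA={127.0.0.1:1604}",
    "GENCODE={9o7YY6EvlazS}",
    "INSTALL={1}",
    "EDTPATH={MSDCSC\\msdcsc.exe}",
    "KEYNAME={MicroUpdate}",
    "PERSINST={0}",
    "OFFLINEK={0}",
    "#EOF DARKCOMET DATA --",
])
SAMPLE_BLOB = binascii.hexlify(
    rc4(b"#KCMDDC51#-890", SAMPLE_PLAINTEXT.encode("latin-1"))
).decode().upper()

if __name__ == "__main__":
    key, cfg = extract_config(SAMPLE_BLOB)
    print("key:", key.decode())
    for name, value in cfg.items():
        print(f"{name:18} {value}")
```

On a real sample, replace SAMPLE_BLOB with the contents of the DCDATA RCDATA resource; checking for the header after each trial decryption is what lets the key loop fail cleanly instead of returning garbage for a stub built with a different version.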

Targets

    • Target

      1efce611a10b2b45dfc71a87c5139c92393ece8e4db9e265a77a0b056caede56

    • Size

      658KB

    • MD5

      614ce4fee5035cc7235bddebcaabc110

    • SHA1

      b017d98de4c13cd68b0101d5b8d29fe076035c3f

    • SHA256

      1efce611a10b2b45dfc71a87c5139c92393ece8e4db9e265a77a0b056caede56

    • SHA512

      fc4c04accde8bda3f37b87485e3104a5c8c5973de4bbdb6423925fc233bef4e38f709159334b5cf0d4fd83671b92ceb4afe9d8ca6997eb017560940e0f570a5b

    • SSDEEP

      12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hS:+Z1xuVVjfFoynPaVBUR8f+kN10EBo

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application
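The two persistence signatures above (a Winlogon modification and a Run key) are what an analyst checks for on a suspect host. The following is an added example, not code from the report, that parses a `reg export`-style text dump and flags every Run/RunOnce value plus any Winlogon Shell or Userinit entry that carries more than the stock Windows value, then matches the findings against this report's indicators (the reg_key name MicroUpdate and the MSDCSC\msdcsc.exe install path). The registry dump, the full install path and the assumption that Userinit is the Winlogon value being modified are all constructed for the example.

```python
import re

# Stock Windows values for the two Winlogon entries RATs commonly append to.
# Assumption: these are the OS defaults, not something the report states.
WINLOGON_DEFAULTS = {
    "Userinit": {r"c:\windows\system32\userinit.exe"},
    "Shell": {"explorer.exe"},
}
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
WINLOGON_KEY_RE = re.compile(r"\\Winlogon$", re.IGNORECASE)

# Indicators taken from the report's config section.
REPORT_IOCS = {"reg_key": "MicroUpdate", "install_path": r"MSDCSC\msdcsc.exe"}


def parse_reg_export(text: str) -> dict:
    """Minimal parser for `reg export` output: {key_path: {value_name: string}}.
    Only REG_SZ values ("name"="value") are handled; other types are skipped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            if value.startswith('"') and value.endswith('"'):
                # .reg files double every backslash inside string values
                keys[current][name.strip('"')] = value[1:-1].replace("\\\\", "\\")
    return keys


def find_persistence(keys: dict) -> list:
    """Return (kind, key_path, value_name, command) tuples worth a second look."""
    findings = []
    for path, values in keys.items():
        if RUN_KEY_RE.search(path):
            # Every Run entry is reported; a baseline/allowlist prunes the known ones
            for name, cmd in values.items():
                findings.append(("run_key", path, name, cmd))
        elif WINLOGON_KEY_RE.search(path):
            for name, expected in WINLOGON_DEFAULTS.items():
                if name not in values:
                    continue
                parts = {p.strip().lower() for p in values[name].split(",") if p.strip()}
                extra = parts - expected
                if extra:
                    findings.append(("winlogon", path, name, ",".join(sorted(extra))))
    return findings


def matches_report(findings: list) -> list:
    """Which findings line up with the DarkComet config values from the report."""
    hits = []
    for kind, _path, name, cmd in findings:
        if name == REPORT_IOCS["reg_key"] or cmd.lower().endswith(REPORT_IOCS["install_path"].lower()):
            hits.append((kind, name))
    return hits


# Constructed registry dump: one benign Run entry, the RAT's Run entry and a
# Userinit value with the RAT's dropped binary appended after the default.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"MicroUpdate"="C:\\Users\\user\\Documents\\MSDCSC\\msdcsc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\user\\Documents\\MSDCSC\\msdcsc.exe"
"""

if __name__ == "__main__":
    found = find_persistence(parse_reg_export(SAMPLE_EXPORT))
    for f in found:
        print(f)
    print("report matches:", matches_report(found))
```

The Winlogon check compares the comma-separated list against the default rather than looking for a specific path, so it also catches a second-stage binary with a different name; the Run-key check intentionally reports everything, because deciding what is benign belongs to a baseline, not to the parser.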

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                            Signatures  ID
  Persistence      Winlogon Helper DLL                  1           T1004
  Persistence      Registry Run Keys / Startup Folder   1           T1060
  Defense Evasion  Modify Registry                      2           T1112
  Discovery        Query Registry                       1           T1012
  Discovery        System Information Discovery         2           T1082
