darkcomet

General

Target

f07ba8bfcdcfa52a20e341a6d22b8f6d3ed668e947d33770b02e7d391a2aa429
Size

935KB
Sample

221004-belpjsehd2
MD5

39155d3cb3f7297e02c78e8de64e0060
SHA1

3a8825b7168b837d5388f5b26b24ea950169f131
SHA256

f07ba8bfcdcfa52a20e341a6d22b8f6d3ed668e947d33770b02e7d391a2aa429
SHA512

30d2d6237964da7af8fa9b89ef2168c471f5cd9a504ca2d777bdf361b813c8be21763d89f5ad92fc9ee1e1cf1104d41ee16b75b37934fce5544977a57c82c8a4
SSDEEP

24576:n4t9MIPPE/RaPtUPYh31XyGb7govmIa1x3c:K0/R0tkA1fgUmIix

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

mark3000011.no-ip.biz:1177

Mutex

b5857819bb096c04134249d6f4e71934

Attributes

reg_key
b5857819bb096c04134249d6f4e71934
splitter
|'|'|

Extracted

Family

darkcomet

Botnet

RAT

C2

liorhadad.no-ip.info:1300

46.116.152.219:1300

85.64.54.170:1300

Mutex

DC_MUTEX-69QBQR9

Attributes

gencode
6GuJmgpzwFpe
install
false
offline_keylogger
true
password
123456s
persistence
false

Targets

- Target
  
  f07ba8bfcdcfa52a20e341a6d22b8f6d3ed668e947d33770b02e7d391a2aa429
- Size
  
  935KB
- MD5
  
  39155d3cb3f7297e02c78e8de64e0060
- SHA1
  
  3a8825b7168b837d5388f5b26b24ea950169f131
- SHA256
  
  f07ba8bfcdcfa52a20e341a6d22b8f6d3ed668e947d33770b02e7d391a2aa429
- SHA512
  
  30d2d6237964da7af8fa9b89ef2168c471f5cd9a504ca2d777bdf361b813c8be21763d89f5ad92fc9ee1e1cf1104d41ee16b75b37934fce5544977a57c82c8a4
- SSDEEP
  
  24576:n4t9MIPPE/RaPtUPYh31XyGb7govmIa1x3c:K0/R0tkA1fgUmIix
Score

10^/10

darkcomet njrat hacked rat persistence rat trojan microsoft phishing
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

njRAT/Bladabindi

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Detected potential entity reuse from brand microsoft.

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2