darkcomet | 9a7a5812925386752b6917f3e0818db912a27d1a21a4b4987130a2436e8ca35a | Triage

Sharing

General

Target

9a7a5812925386752b6917f3e0818db912a27d1a21a4b4987130a2436e8ca35a
Size

672KB
Sample

221014-l1sebsada2
MD5

607488868732af45f59b2d37c88a2390
SHA1

9aec089f760591cf6a583224cf5c4e43a5a9c88a
SHA256

9a7a5812925386752b6917f3e0818db912a27d1a21a4b4987130a2436e8ca35a
SHA512

d714a430b75d0809b0f1c0ef7d5036ec0bbdbeaf24f53d6de9a6bfe26aac62653463f8896c41894df85fe563cfd3a8a211f79ec105e006e131ab220a627c48d5
SSDEEP

12288:KSKd7Ykg+hCgupizXDl8EnfSutCUUPVEVa0sNivvbMJQd8VSP5ODe3wD:Hm7BWARLCRPUaJNIvbMJRd

Score

10^/10

darkcomet use rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

use

C2

31.47.123.134:1995

Mutex

DCMIN_MUTEX-U0FNYXZ

Attributes

gencode
tVbViEJdR6um
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  9a7a5812925386752b6917f3e0818db912a27d1a21a4b4987130a2436e8ca35a
- Size
  
  672KB
- MD5
  
  607488868732af45f59b2d37c88a2390
- SHA1
  
  9aec089f760591cf6a583224cf5c4e43a5a9c88a
- SHA256
  
  9a7a5812925386752b6917f3e0818db912a27d1a21a4b4987130a2436e8ca35a
- SHA512
  
  d714a430b75d0809b0f1c0ef7d5036ec0bbdbeaf24f53d6de9a6bfe26aac62653463f8896c41894df85fe563cfd3a8a211f79ec105e006e131ab220a627c48d5
- SSDEEP
  
  12288:KSKd7Ykg+hCgupizXDl8EnfSutCUUPVEVa0sNivvbMJQd8VSP5ODe3wD:Hm7BWARLCRPUaJNIvbMJRd
Score

10^/10

darkcomet use rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometuserattrojan

behavioral2

darkcometuserattrojan