darkcomet | 956e0edf747801d9effc2f8c912d86f42704ec7bc2833810124518a62e0c99db | Triage

Sharing

Copy URL Twitter E-mail

General

Target

956e0edf747801d9effc2f8c912d86f42704ec7bc2833810124518a62e0c99db
Size

658KB
Sample

221029-pj8xjafcg8
MD5

0fec733f48e0e80dc2e0801992843b72
SHA1

64c2c00dccae8c7f3ecd0e3f5ebce46d1dc64f82
SHA256

956e0edf747801d9effc2f8c912d86f42704ec7bc2833810124518a62e0c99db
SHA512

ab903f2f3b4c4e0d1dbd0d607bc2f1665ac4bd67c27e621f5d661ec2ff3ecc16716da2d0ec99b6f2e42710feab0dd9d0929a65155df4146cac35a8dd0331b1be
SSDEEP

12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h6:+Z1xuVVjfFoynPaVBUR8f+kN10EBU

Score

10^/10

darkcomet soso persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Soso

C2

socrababa.ddns.net:5553

Mutex

DCMIN_MUTEX-CUAM7TW

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
3e9JfiqDRC3i
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  956e0edf747801d9effc2f8c912d86f42704ec7bc2833810124518a62e0c99db
- Size
  
  658KB
- MD5
  
  0fec733f48e0e80dc2e0801992843b72
- SHA1
  
  64c2c00dccae8c7f3ecd0e3f5ebce46d1dc64f82
- SHA256
  
  956e0edf747801d9effc2f8c912d86f42704ec7bc2833810124518a62e0c99db
- SHA512
  
  ab903f2f3b4c4e0d1dbd0d607bc2f1665ac4bd67c27e621f5d661ec2ff3ecc16716da2d0ec99b6f2e42710feab0dd9d0929a65155df4146cac35a8dd0331b1be
- SSDEEP
  
  12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h6:+Z1xuVVjfFoynPaVBUR8f+kN10EBU
Score

10^/10

darkcomet soso persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometsosopersistencerattrojan

behavioral2

darkcometsosopersistencerattrojan