darkcomet | 1ede41d6a04c69518f45c74c8fdb874b98f076b7de89d1e9c830949915561b23 | Triage

Sharing

General

Target

1ede41d6a04c69518f45c74c8fdb874b98f076b7de89d1e9c830949915561b23
Size

1.3MB
Sample

221029-s2kjfacfb8
MD5

8973a50805bd65665b7a391442638166
SHA1

f47250ce50bb3efa491de4cef210e114be24a217
SHA256

1ede41d6a04c69518f45c74c8fdb874b98f076b7de89d1e9c830949915561b23
SHA512

67f324263c8a38983fe17847112d44e180c9ab5a00e5c855fe5c991b0921b7323bcdcfa3df67fbce0be39b5b0398c0bfc5cf9931297e69e80f540a970afe8ecd
SSDEEP

24576:v2O/GlcvbhyBkvNcTMRLnviGi/2P3CrnNXX2H8kqTgYt0vG9YoQ:lhcnM5nabW3CrNXGq8NvG9YoQ

Score

10^/10

darkcomet bilde evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

bilde

C2

darkratten.no-ip.org:1604

Mutex

DC_MUTEX-B1VZCL7

Attributes

gencode
HQEjMcuCgH65
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  1ede41d6a04c69518f45c74c8fdb874b98f076b7de89d1e9c830949915561b23
- Size
  
  1.3MB
- MD5
  
  8973a50805bd65665b7a391442638166
- SHA1
  
  f47250ce50bb3efa491de4cef210e114be24a217
- SHA256
  
  1ede41d6a04c69518f45c74c8fdb874b98f076b7de89d1e9c830949915561b23
- SHA512
  
  67f324263c8a38983fe17847112d44e180c9ab5a00e5c855fe5c991b0921b7323bcdcfa3df67fbce0be39b5b0398c0bfc5cf9931297e69e80f540a970afe8ecd
- SSDEEP
  
  24576:v2O/GlcvbhyBkvNcTMRLnviGi/2P3CrnNXX2H8kqTgYt0vG9YoQ:lhcnM5nabW3CrNXGq8NvG9YoQ
Score

10^/10

darkcomet bilde evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometbildeevasionpersistencerattrojan

behavioral2

darkcometbildeevasionpersistencerattrojan