darkcomet | f75411df2ee719407f294a3319b4e72c65c963be17483c43b836c1e50a7dcb77 | Triage

Submit
Reports

Overview

overview

Static

static

5

f75411df2e...77.exe

windows7-x64

f75411df2e...77.exe

windows10-2004-x64

Sharing

General

Target

f75411df2ee719407f294a3319b4e72c65c963be17483c43b836c1e50a7dcb77
Size

1.3MB
Sample

221120-c3jersfh9t
MD5

329c4fc0b42577cdeb4e30bf0f2b5409
SHA1

8234447575f00fcd7f554cbb4bf1690c5c61e4df
SHA256

f75411df2ee719407f294a3319b4e72c65c963be17483c43b836c1e50a7dcb77
SHA512

a2aedb91954c7d554d399e5a13dea61879f3fb08f6f67baa69672fc5e45993df472a5e7af4714bed2e47a0912b2f1d1f32b03ace6a1fd8f0825bcf3252a88ff5
SSDEEP

24576:ALmJkcoQricOIQxiZY1ia0Z9NKPS/JHkxMJFQ+5idVrJPZziW1VPobENDLcaLits:PJZoQrbTFZY1ia0Z3K4JHYTxJ9Xm45gI

Score

10^/10

darkcomet vic persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f75411df2ee719407f294a3319b4e72c65c963be17483c43b836c1e50a7dcb77.exe

Resource

win7-20220812-en

darkcomet vic persistence rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f75411df2ee719407f294a3319b4e72c65c963be17483c43b836c1e50a7dcb77.exe

Resource

win10v2004-20220812-en

darkcomet vic persistence rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Vic

C2

84.240.10.41:7988

Mutex

DC_MUTEX-9S4LWHF

Attributes

InstallPath
Micro\MicUpd.exe
gencode
gTvQcbzWnFei
install
true
offline_keylogger
true
password
matrix15
persistence
false
reg_key
MicroUpd

Targets

- Target
  
  f75411df2ee719407f294a3319b4e72c65c963be17483c43b836c1e50a7dcb77
- Size
  
  1.3MB
- MD5
  
  329c4fc0b42577cdeb4e30bf0f2b5409
- SHA1
  
  8234447575f00fcd7f554cbb4bf1690c5c61e4df
- SHA256
  
  f75411df2ee719407f294a3319b4e72c65c963be17483c43b836c1e50a7dcb77
- SHA512
  
  a2aedb91954c7d554d399e5a13dea61879f3fb08f6f67baa69672fc5e45993df472a5e7af4714bed2e47a0912b2f1d1f32b03ace6a1fd8f0825bcf3252a88ff5
- SSDEEP
  
  24576:ALmJkcoQricOIQxiZY1ia0Z9NKPS/JHkxMJFQ+5idVrJPZziW1VPobENDLcaLits:PJZoQrbTFZY1ia0Z3K4JHYTxJ9Xm45gI
Score

10^/10

darkcomet vic persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometvicpersistencerattrojan

behavioral2

darkcometvicpersistencerattrojan

© 2018-2024

Terms | Privacy