darkcomet | 35bcf8d5c18f8f939493a17a9c70faf014e15a87498c05c15b4ec9bbb3c32fb5 | Triage

Submit
Reports

Overview

overview

Static

static

5

35bcf8d5c1...b5.exe

windows7-x64

35bcf8d5c1...b5.exe

windows10-2004-x64

Sharing

General

Target

35bcf8d5c18f8f939493a17a9c70faf014e15a87498c05c15b4ec9bbb3c32fb5
Size

1.8MB
Sample

221123-hns9baeb56
MD5

14dccd6022b3dd646b6faba60a02f9f6
SHA1

115d0acb064d8dc9e77dad53b04741d1820e6267
SHA256

35bcf8d5c18f8f939493a17a9c70faf014e15a87498c05c15b4ec9bbb3c32fb5
SHA512

689d657bed3a7277912eb4378d45432b55ed43aff07c2c7b2610a57fbcb0d15de30f5ffb7aa9292ec45591895c46307f53ed6d860382614e2056c5b95d91cdf0
SSDEEP

49152:rJZoQrbTFZY1iazOvFjzrZmMcRu0XsgR+PS4+F7xee:rtrbTA1WdH8TJXtKExee

Score

10^/10

darkcomet daynasmithx.ddns.net persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

35bcf8d5c18f8f939493a17a9c70faf014e15a87498c05c15b4ec9bbb3c32fb5.exe

Resource

win7-20220812-en

darkcomet daynasmithx.ddns.net persistence rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

35bcf8d5c18f8f939493a17a9c70faf014e15a87498c05c15b4ec9bbb3c32fb5.exe

Resource

win10v2004-20221111-en

darkcomet daynasmithx.ddns.net persistence rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

daynasmithx.ddns.net

C2

daynasmithx.ddns.net:100

Mutex

DCMIN_MUTEX-PXNS91A

Attributes

InstallPath
DCSCMIN\explorer.exe
gencode
rnNHzgvUMD43
install
true
offline_keylogger
true
persistence
false
reg_key
explorer

Targets

- Target
  
  35bcf8d5c18f8f939493a17a9c70faf014e15a87498c05c15b4ec9bbb3c32fb5
- Size
  
  1.8MB
- MD5
  
  14dccd6022b3dd646b6faba60a02f9f6
- SHA1
  
  115d0acb064d8dc9e77dad53b04741d1820e6267
- SHA256
  
  35bcf8d5c18f8f939493a17a9c70faf014e15a87498c05c15b4ec9bbb3c32fb5
- SHA512
  
  689d657bed3a7277912eb4378d45432b55ed43aff07c2c7b2610a57fbcb0d15de30f5ffb7aa9292ec45591895c46307f53ed6d860382614e2056c5b95d91cdf0
- SSDEEP
  
  49152:rJZoQrbTFZY1iazOvFjzrZmMcRu0XsgR+PS4+F7xee:rtrbTA1WdH8TJXtKExee
Score

10^/10

darkcomet daynasmithx.ddns.net persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdaynasmithx.ddns.netpersistencerattrojan

behavioral2

darkcometdaynasmithx.ddns.netpersistencerattrojan

© 2018-2024

Terms | Privacy