darkcomet | 53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f | Triage

Submit
Reports

Overview

overview

Static

static

5

53c30ab677...6f.exe

windows7-x64

53c30ab677...6f.exe

windows10-2004-x64

Sharing

General

Target

53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f
Size

1.5MB
Sample

221123-hnt6lshf7w
MD5

e3db605b6b773ae7ed7fe8596abae583
SHA1

2b573adfe3e3a2edc68936a3e864d7a9a909f12d
SHA256

53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f
SHA512

a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b
SSDEEP

24576:/RmJkcoQricOIQxiZY1iaE/IyPoXBInUZQEAb+owaADl3N4d3D40Vf7:UJZoQrbTFZY1iaeIJX+UZZE+fl36dMkT

Score

10^/10

darkcomet guest16_min persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f.exe

Resource

win7-20220901-en

darkcomet guest16_min persistence rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f.exe

Resource

win10v2004-20220812-en

darkcomet guest16_min persistence rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

verydark25.no-ip.biz:100

Mutex

DCMIN_MUTEX-QPZZXFD

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
0GZSgZY5XLqM
install
true
offline_keylogger
true
persistence
false
reg_key
Chrome Updater

Targets

- Target
  
  53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f
- Size
  
  1.5MB
- MD5
  
  e3db605b6b773ae7ed7fe8596abae583
- SHA1
  
  2b573adfe3e3a2edc68936a3e864d7a9a909f12d
- SHA256
  
  53c30ab677a3c5538043afa46faadecce838a183889ffdd17655676ef7e1176f
- SHA512
  
  a5b139462b64e1196045000efe64ad553d8ee3204b5da3f9b3e0df77bcec3b6253b5d169331338f009c8213023443453bb1a5f18417c47e5e179378a7bd2900b
- SSDEEP
  
  24576:/RmJkcoQricOIQxiZY1iaE/IyPoXBInUZQEAb+owaADl3N4d3D40Vf7:UJZoQrbTFZY1iaeIJX+UZZE+fl36dMkT
Score

10^/10

darkcomet guest16_min persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_minpersistencerattrojan

behavioral2

darkcometguest16_minpersistencerattrojan

© 2018-2024

Terms | Privacy