darkcomet | e849e9c54d0af4b566e025cea441b849ae8ef17600f0b00d4c573dd21da311af | Triage

Sharing

General

Target

e849e9c54d0af4b566e025cea441b849ae8ef17600f0b00d4c573dd21da311af
Size

1.4MB
Sample

221123-p2hs3afg8y
MD5

5767048bea30e525e28042ec49c0bf1a
SHA1

18b156569e9a91cb5a6e484e3ee018539704fa2c
SHA256

e849e9c54d0af4b566e025cea441b849ae8ef17600f0b00d4c573dd21da311af
SHA512

47bb86022569d8a36500693baefee77dcdfd086585d7a8c29141294a254ca1a4ef0513a163cafc3ac7b63853d123d1289d50a02033be836ff902493fcf209172
SSDEEP

24576:b/iGnOdLr1TyV6WVuL0XHLR06fk0pDCt5KGiX:HncZTyV6WVuAtPfDGfKZX

Score

10^/10

darkcomet wrdex persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Wrdex

C2

127.0.0.1:1454

larryking.no-ip.biz:1454

Mutex

DC_MUTEX-7MQCAT1

Attributes

gencode
ujzd2CCjR7AN
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  e849e9c54d0af4b566e025cea441b849ae8ef17600f0b00d4c573dd21da311af
- Size
  
  1.4MB
- MD5
  
  5767048bea30e525e28042ec49c0bf1a
- SHA1
  
  18b156569e9a91cb5a6e484e3ee018539704fa2c
- SHA256
  
  e849e9c54d0af4b566e025cea441b849ae8ef17600f0b00d4c573dd21da311af
- SHA512
  
  47bb86022569d8a36500693baefee77dcdfd086585d7a8c29141294a254ca1a4ef0513a163cafc3ac7b63853d123d1289d50a02033be836ff902493fcf209172
- SSDEEP
  
  24576:b/iGnOdLr1TyV6WVuL0XHLR06fk0pDCt5KGiX:HncZTyV6WVuAtPfDGfKZX
Score

10^/10

darkcomet wrdex persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometwrdexpersistencerattrojan

behavioral2

darkcometwrdexpersistencerattrojan