darkcomet | fba71d7e42c54406f33bfc7fb376513f3a3a5e6056e93567117c51b919a18581 | Triage

Sharing

General

Target

fba71d7e42c54406f33bfc7fb376513f3a3a5e6056e93567117c51b919a18581
Size

844KB
Sample

221123-ptyjjsfd3w
MD5

5a1a76f5d6652816ec4bcb7cabead9a4
SHA1

150b6d0ce62b21a0b99e850c392b35c620360d99
SHA256

fba71d7e42c54406f33bfc7fb376513f3a3a5e6056e93567117c51b919a18581
SHA512

ee9042b2e7cabc361701c131ead0f8eb1061639c90a5d01d77b54ab1e4c9cd018831607408d2fada544605f70e24a6bd2895464d695016fc44b11da06e9c2c32
SSDEEP

24576:9TSeM/uDIUuEPFQE+mYeg/Sia3aaBPJWxMjg:VCuDIUlPFv+mY36F9BP5jg

Score

10^/10

darkcomet guest16_min persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

markgraham.noip.me:2124

Mutex

DCMIN_MUTEX-FUSP59W

Attributes

gencode
Le3UD9gfvz8p
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  fba71d7e42c54406f33bfc7fb376513f3a3a5e6056e93567117c51b919a18581
- Size
  
  844KB
- MD5
  
  5a1a76f5d6652816ec4bcb7cabead9a4
- SHA1
  
  150b6d0ce62b21a0b99e850c392b35c620360d99
- SHA256
  
  fba71d7e42c54406f33bfc7fb376513f3a3a5e6056e93567117c51b919a18581
- SHA512
  
  ee9042b2e7cabc361701c131ead0f8eb1061639c90a5d01d77b54ab1e4c9cd018831607408d2fada544605f70e24a6bd2895464d695016fc44b11da06e9c2c32
- SSDEEP
  
  24576:9TSeM/uDIUuEPFQE+mYeg/Sia3aaBPJWxMjg:VCuDIUlPFv+mY36F9BP5jg
Score

10^/10

darkcomet guest16_min persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_minpersistencerattrojan

behavioral2

darkcometguest16_minpersistencerattrojan