darkcomet

General

Target

ae09e31694f993c501a0be510387740d2c0183746cd211e06df209832780f0bf
Size

656KB
Sample

221123-qm4yesed48
MD5

43cf563f1ec7d4e846fb8026b25dfd22
SHA1

8f17ea13d266f6000700264447eebcfca706ac87
SHA256

ae09e31694f993c501a0be510387740d2c0183746cd211e06df209832780f0bf
SHA512

d526402638b4afd4510c7b18beff61b5eb16b2c69a8ec5a6b08b555b6fb52e022c8026b2db69c062f0f3ddb482b3f7ead0140350c2c795236971a2c7e0d302ca
SSDEEP

12288:p+zAJeM/XzsV9TBhwxPtztYHz4A7dfmHZJXPgu6Z08vm:p+8JX/Xz29TBO1BYT4A7Bmr4u6Z08m

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

IFY

C2

uche.ddns.net:1604

Mutex

DC_MUTEX-UU8NM43

Attributes

gencode
8tkYU6w6xNHG
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  ae09e31694f993c501a0be510387740d2c0183746cd211e06df209832780f0bf
- Size
  
  656KB
- MD5
  
  43cf563f1ec7d4e846fb8026b25dfd22
- SHA1
  
  8f17ea13d266f6000700264447eebcfca706ac87
- SHA256
  
  ae09e31694f993c501a0be510387740d2c0183746cd211e06df209832780f0bf
- SHA512
  
  d526402638b4afd4510c7b18beff61b5eb16b2c69a8ec5a6b08b555b6fb52e022c8026b2db69c062f0f3ddb482b3f7ead0140350c2c795236971a2c7e0d302ca
- SSDEEP
  
  12288:p+zAJeM/XzsV9TBhwxPtztYHz4A7dfmHZJXPgu6Z08vm:p+8JX/Xz29TBO1BYT4A7Bmr4u6Z08m
Score

10^/10

darkcomet ify persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1

T1004

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies WinLogon for persistence

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2