darkcomet | 21cabd77124daa5365171111e599e0d1451b11f2d8d051eef184fac01837f855 | Triage

Sharing

General

Target

21cabd77124daa5365171111e599e0d1451b11f2d8d051eef184fac01837f855
Size

839KB
Sample

221123-r59r3add91
MD5

716a5a605210a120fbf1ff9e5c51f05f
SHA1

b471a3fdea022668e3f57c9c1f0172f821b3e9d2
SHA256

21cabd77124daa5365171111e599e0d1451b11f2d8d051eef184fac01837f855
SHA512

e867601e8648e2508961a26d9bd33f560165425f16dfbd695ecf7d9d54052cbfeb35bcbed316eb3116fb236b4987a2b238cf7f62c046a4bd534b30105979ba82
SSDEEP

12288:QTIHhdXKcl+XRhORnhRZxdGJAVGWuCAIMd0coVXi3W8vsoxDrS7YlX:Qq3XK6+X3OR3Zxd6UwCydGVkW83Dr

Score

10^/10

darkcomet victims persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Victims

C2

mrchbk.noip.me:2123

Mutex

DC_MUTEX-EZ6YFTY

Attributes

gencode
4FUM8Qy2Ej7F
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  21cabd77124daa5365171111e599e0d1451b11f2d8d051eef184fac01837f855
- Size
  
  839KB
- MD5
  
  716a5a605210a120fbf1ff9e5c51f05f
- SHA1
  
  b471a3fdea022668e3f57c9c1f0172f821b3e9d2
- SHA256
  
  21cabd77124daa5365171111e599e0d1451b11f2d8d051eef184fac01837f855
- SHA512
  
  e867601e8648e2508961a26d9bd33f560165425f16dfbd695ecf7d9d54052cbfeb35bcbed316eb3116fb236b4987a2b238cf7f62c046a4bd534b30105979ba82
- SSDEEP
  
  12288:QTIHhdXKcl+XRhORnhRZxdGJAVGWuCAIMd0coVXi3W8vsoxDrS7YlX:Qq3XK6+X3OR3Zxd6UwCydGVkW83Dr
Score

10^/10

darkcomet victims persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometvictimspersistencerattrojan

behavioral2

darkcometvictimspersistencerattrojan