darkcomet | 46c507a40e47d5e39ca2b03b7e33e683a21905c3e72695f69f97c1e3e94a7ed8 | Triage

Sharing

General

Target

46c507a40e47d5e39ca2b03b7e33e683a21905c3e72695f69f97c1e3e94a7ed8
Size

544KB
Sample

221123-rsbdqshd46
MD5

6ca558a577e73859ab82721c95eb3b79
SHA1

57cc183e4bab2e13eb9851d34829f562a143f70f
SHA256

46c507a40e47d5e39ca2b03b7e33e683a21905c3e72695f69f97c1e3e94a7ed8
SHA512

c67245bbf89a0740c84463c6e9befb3f6944abbe7dbd24c4a670b1060f30bc8390cf76dac0b3c7b681e4a1aa4af84242e78b8b4ee550f5357883cd3cd645978e
SSDEEP

6144:vHTlV0txauTZ4UvFD2ih3+xGEV51BeR314dNjPdNGbFU2UDeZCux81Kb8QQIk3af:McnUFdpq5zNLdNGb+eHcKbrRoXOSGeW

Score

10^/10

darkcomet aug 24 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Aug 24

C2

cubasite1.ddns.net:1607

Mutex

DC_MUTEX-9D1T453

Attributes

gencode
D8hMoUDE2Wdn
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  46c507a40e47d5e39ca2b03b7e33e683a21905c3e72695f69f97c1e3e94a7ed8
- Size
  
  544KB
- MD5
  
  6ca558a577e73859ab82721c95eb3b79
- SHA1
  
  57cc183e4bab2e13eb9851d34829f562a143f70f
- SHA256
  
  46c507a40e47d5e39ca2b03b7e33e683a21905c3e72695f69f97c1e3e94a7ed8
- SHA512
  
  c67245bbf89a0740c84463c6e9befb3f6944abbe7dbd24c4a670b1060f30bc8390cf76dac0b3c7b681e4a1aa4af84242e78b8b4ee550f5357883cd3cd645978e
- SSDEEP
  
  6144:vHTlV0txauTZ4UvFD2ih3+xGEV51BeR314dNjPdNGbFU2UDeZCux81Kb8QQIk3af:McnUFdpq5zNLdNGb+eHcKbrRoXOSGeW
Score

10^/10

darkcomet aug 24 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometaug 24persistencerattrojan

behavioral2

darkcometaug 24persistencerattrojan