darkcomet | c03ceac228682cb065616d2e7f91150b4ef0506c6f8108506b241f83d6cee2e6 | Triage

Sharing

General

Target

c03ceac228682cb065616d2e7f91150b4ef0506c6f8108506b241f83d6cee2e6
Size

661KB
Sample

221123-s567lsdb54
MD5

c812a3aa218ccd45ee3836dc8ea4e255
SHA1

4a6a93af89d70e8460b38f72d2567df52d7eed25
SHA256

c03ceac228682cb065616d2e7f91150b4ef0506c6f8108506b241f83d6cee2e6
SHA512

9c2c84431341af7bd0239c3f2b4591d130a98fe0c104e105a299e83aad4c951c7e987215198161f657532acb7683211a934090daf5c215c606658c8c81b82878
SSDEEP

12288:n9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/he:BZ1xuVVjfFoynPaVBUR8f+kN10EB4

Score

10^/10

darkcomet yeni kurban persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Yeni Kurban

C2

casperdark.no-ip.biz:1604

Mutex

NIGGERS_ARE_COOL

Attributes

InstallPath
Google\GoogleUpdaterc.exe
gencode
b9FA7aRUGbCe
install
true
offline_keylogger
true
persistence
false
reg_key
GoogleUpdater

Targets

- Target
  
  c03ceac228682cb065616d2e7f91150b4ef0506c6f8108506b241f83d6cee2e6
- Size
  
  661KB
- MD5
  
  c812a3aa218ccd45ee3836dc8ea4e255
- SHA1
  
  4a6a93af89d70e8460b38f72d2567df52d7eed25
- SHA256
  
  c03ceac228682cb065616d2e7f91150b4ef0506c6f8108506b241f83d6cee2e6
- SHA512
  
  9c2c84431341af7bd0239c3f2b4591d130a98fe0c104e105a299e83aad4c951c7e987215198161f657532acb7683211a934090daf5c215c606658c8c81b82878
- SSDEEP
  
  12288:n9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/he:BZ1xuVVjfFoynPaVBUR8f+kN10EB4
Score

10^/10

darkcomet yeni kurban persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

yeni kurbandarkcomet

behavioral1

darkcometyeni kurbanpersistencerattrojan

behavioral2

darkcometyeni kurbanpersistencerattrojan