darkcomet | c6ef17c3bfa0782631efaa9ac9583001af5c59ce3eb8dcce447cba0a800ecd0d | Triage

Sharing

General

Target

c6ef17c3bfa0782631efaa9ac9583001af5c59ce3eb8dcce447cba0a800ecd0d
Size

417KB
Sample

221123-s56k3sdb53
MD5

1be902072d94a1e0d22d394c8414d757
SHA1

27c7f65fc7a19d438937fe812e32557338306343
SHA256

c6ef17c3bfa0782631efaa9ac9583001af5c59ce3eb8dcce447cba0a800ecd0d
SHA512

b088869a8d2625d3c64a63bcc9493b65b0cc8ce71f9830b5dfcce1c19cb9acae97efee34fd4854e55a1288f430a497efb89467f0510a1c97e2a25de97c747fc9
SSDEEP

6144:lRA4+az0ZWOh5dj8j21f2p3CMSnltlDM/azp6059JEnR7clmvZnPKeFd4MK5:P+O5OPpNsp7cnF00TG3v9CMW

Score

10^/10

darkcomet guest16 evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-519RBGD

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
cpFKDmBotPg4
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  c6ef17c3bfa0782631efaa9ac9583001af5c59ce3eb8dcce447cba0a800ecd0d
- Size
  
  417KB
- MD5
  
  1be902072d94a1e0d22d394c8414d757
- SHA1
  
  27c7f65fc7a19d438937fe812e32557338306343
- SHA256
  
  c6ef17c3bfa0782631efaa9ac9583001af5c59ce3eb8dcce447cba0a800ecd0d
- SHA512
  
  b088869a8d2625d3c64a63bcc9493b65b0cc8ce71f9830b5dfcce1c19cb9acae97efee34fd4854e55a1288f430a497efb89467f0510a1c97e2a25de97c747fc9
- SSDEEP
  
  6144:lRA4+az0ZWOh5dj8j21f2p3CMSnltlDM/azp6059JEnR7clmvZnPKeFd4MK5:P+O5OPpNsp7cnF00TG3v9CMW
Score

10^/10

darkcomet guest16 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16evasionpersistencerattrojan

behavioral2

darkcometguest16evasionpersistencerattrojan