darkcomet

General

Target

c5f795a5a480816968c0b81e21b7c8c4cee2d6238c61b91272c64b288a37695b
Size

1.7MB
Sample

221123-s637cadb88
MD5

4780a736b0352152970be6cc5434f42a
SHA1

96d1966524efd11be1a5c1b4efd5c6d360a7b2aa
SHA256

c5f795a5a480816968c0b81e21b7c8c4cee2d6238c61b91272c64b288a37695b
SHA512

198bb86a2e661120f8fbadf2a09d0f5524be4538ed24661d4a0d6ec05d2179d286dc412dca8475322d55425220c213c0f2c45b8bd5d73571ec457952a4c4df23
SSDEEP

49152:wkwkn9IMHeaxoC9S2B7mR8RK1D4EUzx7DXaPCS:LdnVCC9S2RRK1Kzx7mPC

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Duck2

C2

ranger.duckdns.org:2075

Mutex

DCMIN_MUTEX-7K26RQC

Attributes

gencode
MB4XqMtTFrZY
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  c5f795a5a480816968c0b81e21b7c8c4cee2d6238c61b91272c64b288a37695b
- Size
  
  1.7MB
- MD5
  
  4780a736b0352152970be6cc5434f42a
- SHA1
  
  96d1966524efd11be1a5c1b4efd5c6d360a7b2aa
- SHA256
  
  c5f795a5a480816968c0b81e21b7c8c4cee2d6238c61b91272c64b288a37695b
- SHA512
  
  198bb86a2e661120f8fbadf2a09d0f5524be4538ed24661d4a0d6ec05d2179d286dc412dca8475322d55425220c213c0f2c45b8bd5d73571ec457952a4c4df23
- SSDEEP
  
  49152:wkwkn9IMHeaxoC9S2B7mR8RK1D4EUzx7DXaPCS:LdnVCC9S2RRK1Kzx7mPC
Score

10^/10

darkcomet duck2 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2