darkcomet | 691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52 | Triage

Sharing

General

Target

691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52
Size

841KB
Sample

221123-s7alesgc5y
MD5

e6d83128c82968d936bf489a3a9ff015
SHA1

107d4055d83a6d4615117d1f5016d760e2f1c715
SHA256

691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52
SHA512

1aca1faca7bc226712f6dffd3e936600ab916c85caf8bca231e2872f259df4519ed8e43daf317b1ef286b644bcd83fbb74fe5136da5f4430d5f042e269e65e76
SSDEEP

24576:Bz6ctR5gNykgh/rmjMrfNYx5M8KCu+y5H8J0ffFjg:p7D2qu2VYfNwqsFjg

Score

10^/10

darkcomet members persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Members

C2

emkadns.uni.me:2121

Mutex

DCMIN_MUTEX-LBZLRNM

Attributes

gencode
mCrAswFlmnAx
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52
- Size
  
  841KB
- MD5
  
  e6d83128c82968d936bf489a3a9ff015
- SHA1
  
  107d4055d83a6d4615117d1f5016d760e2f1c715
- SHA256
  
  691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52
- SHA512
  
  1aca1faca7bc226712f6dffd3e936600ab916c85caf8bca231e2872f259df4519ed8e43daf317b1ef286b644bcd83fbb74fe5136da5f4430d5f042e269e65e76
- SSDEEP
  
  24576:Bz6ctR5gNykgh/rmjMrfNYx5M8KCu+y5H8J0ffFjg:p7D2qu2VYfNwqsFjg
Score

10^/10

darkcomet members persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometmemberspersistencerattrojan

behavioral2

darkcometmemberspersistencerattrojan