darkcomet | 73e3f5f3a5eb61b033ab5ebe7aa3f748947ec628cbb73a14d149ee601961d6ec | Triage

Sharing

General

Target

73e3f5f3a5eb61b033ab5ebe7aa3f748947ec628cbb73a14d149ee601961d6ec
Size

1.4MB
Sample

221123-s7e6xadc28
MD5

e2e1617906e695fe2c0024f5c59e2ad3
SHA1

25a4ed069253693ea22d6c9a68990414d4495f77
SHA256

73e3f5f3a5eb61b033ab5ebe7aa3f748947ec628cbb73a14d149ee601961d6ec
SHA512

0769f27eee819fd0cb7c0e15c4c08ff5b963285d9f14e1c0e18a4a531dfb4a9872c42e4e60801d9156c03bfe7d77d70d503dbf91e89096036c0707143c46f49f
SSDEEP

24576:oNW4777TMDr06+hJeGKa1ezhIDyG53W7Evr2ULRiYvQeG8C0tUajUU2AQ4P4qJ1c:qW47TM/06A1ezhuyG9WAz20iYvQctx2G

Score

10^/10

darkcomet wrdex persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Wrdex

C2

127.0.0.1:1454

larryking.no-ip.biz:1454

Mutex

DC_MUTEX-7MQCAT1

Attributes

gencode
ujzd2CCjR7AN
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  73e3f5f3a5eb61b033ab5ebe7aa3f748947ec628cbb73a14d149ee601961d6ec
- Size
  
  1.4MB
- MD5
  
  e2e1617906e695fe2c0024f5c59e2ad3
- SHA1
  
  25a4ed069253693ea22d6c9a68990414d4495f77
- SHA256
  
  73e3f5f3a5eb61b033ab5ebe7aa3f748947ec628cbb73a14d149ee601961d6ec
- SHA512
  
  0769f27eee819fd0cb7c0e15c4c08ff5b963285d9f14e1c0e18a4a531dfb4a9872c42e4e60801d9156c03bfe7d77d70d503dbf91e89096036c0707143c46f49f
- SSDEEP
  
  24576:oNW4777TMDr06+hJeGKa1ezhIDyG53W7Evr2ULRiYvQeG8C0tUajUU2AQ4P4qJ1c:qW47TM/06A1ezhuyG9WAz20iYvQctx2G
Score

10^/10

darkcomet wrdex persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometwrdexpersistencerattrojan

behavioral2

darkcometwrdexpersistencerattrojan