darkcomet | 49e75af5070d31e6e53a6bf37a509732fd8e61875e80e213704703ea3246171d | Triage

Sharing

General

Target

49e75af5070d31e6e53a6bf37a509732fd8e61875e80e213704703ea3246171d
Size

2.8MB
Sample

221123-vvg6vada2s
MD5

0173cc2be471cac926c6104a2e8b986a
SHA1

ece1bcbb39f75fe8bc71801cca1bb1e6e2f030e5
SHA256

49e75af5070d31e6e53a6bf37a509732fd8e61875e80e213704703ea3246171d
SHA512

f6c6ea986a955390ee3470d8e887b428cb5d2043fd4d33fb24bd165d884e3e9a91c7fd231076225ab45b3ad85c466dca2ee536a0bb0c2804ee19e4aef1cb34ae
SSDEEP

49152:QVjnLacAxQU/a6MWvnUq6hE5k6iBPQ7pGy05Z+sSdSLyXTX9ykYN+EiTAr:8D+cAxQUa6MWvnUq6hgkvBPuYywSXjXW

Score

10^/10

darkcomet defors guest16 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

darkcometratt.no-ip.org:1604

Mutex

DC_MUTEX-WG0MMGJ

Attributes

gencode
Rsl0xg3qg2h8
install
false
offline_keylogger
true
persistence
false

Extracted

Family

darkcomet

Botnet

DEFORS

C2

rsnoip.ddns.net:1997

Mutex

DCMIN_MUTEX-C5RDYJH

Attributes

gencode
NToT30g4twDC
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  49e75af5070d31e6e53a6bf37a509732fd8e61875e80e213704703ea3246171d
- Size
  
  2.8MB
- MD5
  
  0173cc2be471cac926c6104a2e8b986a
- SHA1
  
  ece1bcbb39f75fe8bc71801cca1bb1e6e2f030e5
- SHA256
  
  49e75af5070d31e6e53a6bf37a509732fd8e61875e80e213704703ea3246171d
- SHA512
  
  f6c6ea986a955390ee3470d8e887b428cb5d2043fd4d33fb24bd165d884e3e9a91c7fd231076225ab45b3ad85c466dca2ee536a0bb0c2804ee19e4aef1cb34ae
- SSDEEP
  
  49152:QVjnLacAxQU/a6MWvnUq6hE5k6iBPQ7pGy05Z+sSdSLyXTX9ykYN+EiTAr:8D+cAxQUa6MWvnUq6hgkvBPuYywSXjXW
Score

10^/10

darkcomet defors guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdeforsguest16persistencerattrojan

behavioral2

darkcometdeforsguest16persistencerattrojan