darkcomet

General

Target

e1a6613e77f8ae19a017d42d99a2b4b51e2e4a91b6c8105cc9d50d1d9de947e8
Size

1.4MB
Sample

221123-w18fnade35
MD5

f4fc3c0fcab1840be2093e33ae66a018
SHA1

30e9c92e50cc7c2a7ed8b0feb108517d407e73a0
SHA256

e1a6613e77f8ae19a017d42d99a2b4b51e2e4a91b6c8105cc9d50d1d9de947e8
SHA512

d12d34a9b9a42ffc84c3a5e5ec3d1c738cf00de6a0142ba3d2621afbd1493bed7063f0f06257c5c12b7b8e8404ad410c67cef4746ee87d2b2825105d3169bb57
SSDEEP

24576:/2O/GlWvLA3yu7lhlHkNtHAsfQ5z798aQgMCa84e8XHXKkX:3UCu7l8NbfQ539oNCa8+3xX

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Newest7

C2

kitx1029.ddns.net:9001

Mutex

DC_MUTEX-XL4JBP8

Attributes

gencode
QnmjhyVmSgKB
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  e1a6613e77f8ae19a017d42d99a2b4b51e2e4a91b6c8105cc9d50d1d9de947e8
- Size
  
  1.4MB
- MD5
  
  f4fc3c0fcab1840be2093e33ae66a018
- SHA1
  
  30e9c92e50cc7c2a7ed8b0feb108517d407e73a0
- SHA256
  
  e1a6613e77f8ae19a017d42d99a2b4b51e2e4a91b6c8105cc9d50d1d9de947e8
- SHA512
  
  d12d34a9b9a42ffc84c3a5e5ec3d1c738cf00de6a0142ba3d2621afbd1493bed7063f0f06257c5c12b7b8e8404ad410c67cef4746ee87d2b2825105d3169bb57
- SSDEEP
  
  24576:/2O/GlWvLA3yu7lhlHkNtHAsfQ5z798aQgMCa84e8XHXKkX:3UCu7l8NbfQ539oNCa8+3xX
Score

10^/10

darkcomet newest7 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Checks whether UAC is enabled

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2