darkcomet | 28711e96e760a3e740d1bfa3304d86504970fbf8b2184b675774ab3a2148a2f5 | Triage

Sharing

General

Target

28711e96e760a3e740d1bfa3304d86504970fbf8b2184b675774ab3a2148a2f5
Size

900KB
Sample

221125-d56hrace91
MD5

dc9d7b6a5110abb328bf595d056ce40d
SHA1

efab84b08c63cfe9fb703462a24a9961daa05b08
SHA256

28711e96e760a3e740d1bfa3304d86504970fbf8b2184b675774ab3a2148a2f5
SHA512

053179b603c513c7be82a355c9b7f0b7bf5edf4ccf083f533d8bf7a9da19dfe558c7ff08d3f7d61c4db28a2f2d72a1af5ce40cb580662ce1440bf97e35f7a16f
SSDEEP

12288:k0l9Cga3LAdaU+zV44yzQ9Jf/opEpZI5yRXyoQZDhQruxXV/9rPTzgbLgXy+Vo0K:j4iUCaLRpFX2WuxXVtPTEgC+60K

Score

10^/10

darkcomet summer persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

summer

C2

qsab98.no-ip.biz:1604

Mutex

DC_MUTEX-6G9L12L

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
6QgnJweVD4dH
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  28711e96e760a3e740d1bfa3304d86504970fbf8b2184b675774ab3a2148a2f5
- Size
  
  900KB
- MD5
  
  dc9d7b6a5110abb328bf595d056ce40d
- SHA1
  
  efab84b08c63cfe9fb703462a24a9961daa05b08
- SHA256
  
  28711e96e760a3e740d1bfa3304d86504970fbf8b2184b675774ab3a2148a2f5
- SHA512
  
  053179b603c513c7be82a355c9b7f0b7bf5edf4ccf083f533d8bf7a9da19dfe558c7ff08d3f7d61c4db28a2f2d72a1af5ce40cb580662ce1440bf97e35f7a16f
- SSDEEP
  
  12288:k0l9Cga3LAdaU+zV44yzQ9Jf/opEpZI5yRXyoQZDhQruxXV/9rPTzgbLgXy+Vo0K:j4iUCaLRpFX2WuxXVtPTEgC+60K
Score

10^/10

darkcomet summer persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometsummerpersistencerattrojan

behavioral2

darkcometsummerpersistencerattrojan