darkcomet | 2854f35831f06a94ccb475adc9316b392d85e29d7d5dd6680f3cc8c55f6836cb | Triage

Sharing

General

Target

2854f35831f06a94ccb475adc9316b392d85e29d7d5dd6680f3cc8c55f6836cb
Size

824KB
Sample

221125-d6gk1shd72
MD5

e9e660f7c3c0ef6669166b8bc82a2e2f
SHA1

ecabe80e9e1ae605662b75e6a72da8021e19cf5c
SHA256

2854f35831f06a94ccb475adc9316b392d85e29d7d5dd6680f3cc8c55f6836cb
SHA512

3f56df328ae2404728afa24bbb08aacf52aa257b0b2ef9e7c251ab8cdac92b4b0a26f230d10b9fb4fb8f77a64b5c8d49802ed7decd68b59bfa924bd7f9a0fca4
SSDEEP

12288:0Ed5sjrZovwodrI0x+GT2zLv5MBk7GYhI7/2UcDt4rsHKwEnuXFlazlBtljO5h:0Ed5AZoJdrIJ42nxGkEcWsH9S9K

Score

10^/10

darkcomet guest16 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

cyphers.duckdns.org:1604

Cyphers.crabdance.com:1604

Mutex

DC_MUTEX-T8G359H

Attributes

gencode
v47Cw5Ag1r9Z
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  2854f35831f06a94ccb475adc9316b392d85e29d7d5dd6680f3cc8c55f6836cb
- Size
  
  824KB
- MD5
  
  e9e660f7c3c0ef6669166b8bc82a2e2f
- SHA1
  
  ecabe80e9e1ae605662b75e6a72da8021e19cf5c
- SHA256
  
  2854f35831f06a94ccb475adc9316b392d85e29d7d5dd6680f3cc8c55f6836cb
- SHA512
  
  3f56df328ae2404728afa24bbb08aacf52aa257b0b2ef9e7c251ab8cdac92b4b0a26f230d10b9fb4fb8f77a64b5c8d49802ed7decd68b59bfa924bd7f9a0fca4
- SSDEEP
  
  12288:0Ed5sjrZovwodrI0x+GT2zLv5MBk7GYhI7/2UcDt4rsHKwEnuXFlazlBtljO5h:0Ed5AZoJdrIJ42nxGkEcWsH9S9K
Score

10^/10

darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16persistencerattrojan

behavioral2

darkcometguest16persistencerattrojan