darkcomet | 55aa5efd9cb6da6768ea30624283f7155b19274d9e042afedc722c005e7ee211 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

55aa5efd9cb6da6768ea30624283f7155b19274d9e042afedc722c005e7ee211
Size

1.5MB
Sample

221125-lxap4scf2z
MD5

370481138474cfcf39b8224c51f6be27
SHA1

bc5e1ba878f76bf7e5e61d8c49c00b980236c70d
SHA256

55aa5efd9cb6da6768ea30624283f7155b19274d9e042afedc722c005e7ee211
SHA512

b8c9a986eeb33aa3b8d51d1e9292dc6b400b42889d5b4e5ab413bc250769c99fb9a53174d0ff3b9bafae6da337a875683c95415ed99f1957177da556407f462b
SSDEEP

24576:jiBIGkbxqEcjsWiDxguehC2SF84fSGTEmSSautCzbqbtiEBCx6jq5Yzd5uQWQoq:mCUumo2EffYSab/qbpBCQf5Bloq

Score

10^/10

darkcomet guest16 evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

2.tcp.ngrok.io:17588

Mutex

DC_MUTEX-WW1H6BV

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
WSfeNvq2d8Yr
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  55aa5efd9cb6da6768ea30624283f7155b19274d9e042afedc722c005e7ee211
- Size
  
  1.5MB
- MD5
  
  370481138474cfcf39b8224c51f6be27
- SHA1
  
  bc5e1ba878f76bf7e5e61d8c49c00b980236c70d
- SHA256
  
  55aa5efd9cb6da6768ea30624283f7155b19274d9e042afedc722c005e7ee211
- SHA512
  
  b8c9a986eeb33aa3b8d51d1e9292dc6b400b42889d5b4e5ab413bc250769c99fb9a53174d0ff3b9bafae6da337a875683c95415ed99f1957177da556407f462b
- SSDEEP
  
  24576:jiBIGkbxqEcjsWiDxguehC2SF84fSGTEmSSautCzbqbtiEBCx6jq5Yzd5uQWQoq:mCUumo2EffYSab/qbpBCQf5Bloq
Score

10^/10

darkcomet guest16 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16evasionpersistencerattrojan

behavioral2

darkcometguest16evasionpersistencerattrojan