darkcomet | 03418a14a8d2fa686d31747cfefe6bd824dcb782dd602c19fa7efd77585fd1ee | Triage

Sharing

General

Target

03418a14a8d2fa686d31747cfefe6bd824dcb782dd602c19fa7efd77585fd1ee
Size

968KB
Sample

221130-rqf67sgg95
MD5

f27e2348eaca8df7a62a806ee14d6229
SHA1

5f90c0a83d867cf265fedffa101db91f5e094d4b
SHA256

03418a14a8d2fa686d31747cfefe6bd824dcb782dd602c19fa7efd77585fd1ee
SHA512

f2c893f768ea06e4c3c013edb00b70d4eab7fdb2520f668460320561fdca846eaf61e8a6246c3287fe5af0061ee177bdc8a8560df636a599a6ad56888ca88456
SSDEEP

12288:OR49o2m/kijD3tUL/SW+vZi3G0khHCpp1tlAhpoz1qODJXXn3n0kZJWb:4qyhDyLf2wW064dlYwqOJXnkk/W

Score

10^/10

darkcomet spy persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Spy

C2

127.0.0.1:1604

nibiru3.duckdns.org:1604

nibiru33.duckdns.org:1604

Mutex

DC_MUTEX-QE733CL

Attributes

InstallPath
MSDCSC\Audio Realtek Driver.exe
gencode
slqYakBDdplF
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  03418a14a8d2fa686d31747cfefe6bd824dcb782dd602c19fa7efd77585fd1ee
- Size
  
  968KB
- MD5
  
  f27e2348eaca8df7a62a806ee14d6229
- SHA1
  
  5f90c0a83d867cf265fedffa101db91f5e094d4b
- SHA256
  
  03418a14a8d2fa686d31747cfefe6bd824dcb782dd602c19fa7efd77585fd1ee
- SHA512
  
  f2c893f768ea06e4c3c013edb00b70d4eab7fdb2520f668460320561fdca846eaf61e8a6246c3287fe5af0061ee177bdc8a8560df636a599a6ad56888ca88456
- SSDEEP
  
  12288:OR49o2m/kijD3tUL/SW+vZi3G0khHCpp1tlAhpoz1qODJXXn3n0kZJWb:4qyhDyLf2wW064dlYwqOJXnkk/W
Score

10^/10

darkcomet spy persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometspypersistencerattrojan

behavioral2

darkcometspyrattrojan