darkcomet | e4362f31aa37f753652b5adedf8d51ae92a4f74360698d6be7cfdef5b4ea4462 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e4362f31aa37f753652b5adedf8d51ae92a4f74360698d6be7cfdef5b4ea4462
Size

756KB
Sample

221201-act3gabh6x
MD5

37b1b9a771f5272742a70f2d90185469
SHA1

5f8be95104ec96105e87fa54071a2cc4acad668b
SHA256

e4362f31aa37f753652b5adedf8d51ae92a4f74360698d6be7cfdef5b4ea4462
SHA512

583c9e3f9cbca53f840e4ff373bea5393775e16111788fd73b12657ca4e2b212e331195bb754367715f26d3824df95f677cd7013c1d9806a1e3933f6342e857a
SSDEEP

12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/ha:qZ1xuVVjfFoynPaVBUR8f+kN10EB0

Score

10^/10

darkcomet hf persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

HF

C2

jeton.no-ip.org:1604

Mutex

DC_MUTEX-AFGB0CE

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
3munUSYdE4Yp
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  e4362f31aa37f753652b5adedf8d51ae92a4f74360698d6be7cfdef5b4ea4462
- Size
  
  756KB
- MD5
  
  37b1b9a771f5272742a70f2d90185469
- SHA1
  
  5f8be95104ec96105e87fa54071a2cc4acad668b
- SHA256
  
  e4362f31aa37f753652b5adedf8d51ae92a4f74360698d6be7cfdef5b4ea4462
- SHA512
  
  583c9e3f9cbca53f840e4ff373bea5393775e16111788fd73b12657ca4e2b212e331195bb754367715f26d3824df95f677cd7013c1d9806a1e3933f6342e857a
- SSDEEP
  
  12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/ha:qZ1xuVVjfFoynPaVBUR8f+kN10EB0
Score

10^/10

darkcomet hf persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomethfpersistencerattrojan

behavioral2

darkcomethfpersistencerattrojan