darkcomet | 8d8cd5e4463edda11942a4b127af178b41683820fd0d193adf5da6d75534e2f2 | Triage

Sharing

General

Target

8d8cd5e4463edda11942a4b127af178b41683820fd0d193adf5da6d75534e2f2
Size

1.4MB
Sample

221201-by9wgsga31
MD5

7e97e65b7b90c1e50cf557c5b7454b4c
SHA1

9e3e0fa86d0b86d2ce1c6edee431024de9ab3643
SHA256

8d8cd5e4463edda11942a4b127af178b41683820fd0d193adf5da6d75534e2f2
SHA512

e6708066672f41f3dbc081683519a1147f4234b350a4d27014805faf8671769f120cb2d8b07df8b3e2c9e6bc447ef43e14de475437aece09b5055ab18e3003f4
SSDEEP

24576:lb/J+1ptt5Un9GYHogKGZCsYlPFbFdbEDSfacoo2:lbUxzikfss0

Score

10^/10

darkcomet hf rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

HF

C2

rabbo-hotel.nl:1604

Mutex

DC_MUTEX-7F8DZX7

Attributes

gencode
Jfjp26UvqMcH
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  8d8cd5e4463edda11942a4b127af178b41683820fd0d193adf5da6d75534e2f2
- Size
  
  1.4MB
- MD5
  
  7e97e65b7b90c1e50cf557c5b7454b4c
- SHA1
  
  9e3e0fa86d0b86d2ce1c6edee431024de9ab3643
- SHA256
  
  8d8cd5e4463edda11942a4b127af178b41683820fd0d193adf5da6d75534e2f2
- SHA512
  
  e6708066672f41f3dbc081683519a1147f4234b350a4d27014805faf8671769f120cb2d8b07df8b3e2c9e6bc447ef43e14de475437aece09b5055ab18e3003f4
- SSDEEP
  
  24576:lb/J+1ptt5Un9GYHogKGZCsYlPFbFdbEDSfacoo2:lbUxzikfss0
Score

10^/10

darkcomet hf rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcomethfrattrojan

behavioral2

darkcomethfrattrojan