darkcomet | b096d840ad64fc4e9b08a21e7598c81d04235f0287d3fc87e4d31929509af195 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b096d840ad64fc4e9b08a21e7598c81d04235f0287d3fc87e4d31929509af195
Size

658KB
Sample

221201-lxwbtabd8w
MD5

d4acae17062a2aa79dcf112b09328839
SHA1

4f8dd7465095bb52524fe573bee46212092a9587
SHA256

b096d840ad64fc4e9b08a21e7598c81d04235f0287d3fc87e4d31929509af195
SHA512

968f80d68cc42f421ee863a2a09845e9f5d846634cf117aca978b57096fc24345987e24309ad5107f8adee440fd8208a05bb218b4f23993d7478b0d4508e1b44
SSDEEP

12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hB:+Z1xuVVjfFoynPaVBUR8f+kN10EBP

Score

10^/10

darkcomet guest16_min persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

firstonewins.zapto.org:1604

Mutex

DCMIN_MUTEX-FQRVZCZ

Attributes

InstallPath
DCSCMIN\MDCSC.exe
gencode
l39jETxfdHur
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  b096d840ad64fc4e9b08a21e7598c81d04235f0287d3fc87e4d31929509af195
- Size
  
  658KB
- MD5
  
  d4acae17062a2aa79dcf112b09328839
- SHA1
  
  4f8dd7465095bb52524fe573bee46212092a9587
- SHA256
  
  b096d840ad64fc4e9b08a21e7598c81d04235f0287d3fc87e4d31929509af195
- SHA512
  
  968f80d68cc42f421ee863a2a09845e9f5d846634cf117aca978b57096fc24345987e24309ad5107f8adee440fd8208a05bb218b4f23993d7478b0d4508e1b44
- SSDEEP
  
  12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hB:+Z1xuVVjfFoynPaVBUR8f+kN10EBP
Score

10^/10

darkcomet guest16_min persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16_mindarkcomet

behavioral1

darkcometguest16_minpersistencerattrojan

behavioral2

darkcometguest16_minpersistencerattrojan