darkcomet | 6cde6ee1b9c49e50d2730dc72111f4ed07e6cecca1ea447085a4707509c427b3 | Triage

Sharing

General

Target

6cde6ee1b9c49e50d2730dc72111f4ed07e6cecca1ea447085a4707509c427b3
Size

900KB
Sample

221203-cbqd1aeb26
MD5

353363e2a1f090ed0936349a8b64abb0
SHA1

c6d1690789e404a9b4d096c5746e0891697d3ce4
SHA256

6cde6ee1b9c49e50d2730dc72111f4ed07e6cecca1ea447085a4707509c427b3
SHA512

4578ab61e7c7d55aec016287951319a1e364983ce1a8f740ebf100c9462652885d0eab866d379d62a0b409eb2bb3f790d8c8bcaa6028c44553c6eb4c82db9f65
SSDEEP

24576:jDKIe5GiyseoVIAmBpVKHu0Mu9Xo20VGLVP5:jyGkrVIAmKZV

Score

10^/10

darkcomet persistence rat trojan

Malware Config

Targets

- Target
  
  6cde6ee1b9c49e50d2730dc72111f4ed07e6cecca1ea447085a4707509c427b3
- Size
  
  900KB
- MD5
  
  353363e2a1f090ed0936349a8b64abb0
- SHA1
  
  c6d1690789e404a9b4d096c5746e0891697d3ce4
- SHA256
  
  6cde6ee1b9c49e50d2730dc72111f4ed07e6cecca1ea447085a4707509c427b3
- SHA512
  
  4578ab61e7c7d55aec016287951319a1e364983ce1a8f740ebf100c9462652885d0eab866d379d62a0b409eb2bb3f790d8c8bcaa6028c44553c6eb4c82db9f65
- SSDEEP
  
  24576:jDKIe5GiyseoVIAmBpVKHu0Mu9Xo20VGLVP5:jyGkrVIAmKZV
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan