darkcomet | e7d43bebb030cbad0b3bb78b3da502427030ef6daa39a888851d93bbc5015c2b | Triage

Sharing

General

Target

e7d43bebb030cbad0b3bb78b3da502427030ef6daa39a888851d93bbc5015c2b
Size

749KB
Sample

221205-hcr7wadg52
MD5

0fa0bc909e6d9e0bb7e698218d120876
SHA1

497f99755892941b0633f1d8832a148829181903
SHA256

e7d43bebb030cbad0b3bb78b3da502427030ef6daa39a888851d93bbc5015c2b
SHA512

1b16a3b25265c58adf10791058dff9d70170dcf87e6a442d565c152f18546273551b26b961d02214223be8629f36094c41b6f1d6353c62b93dce71d6fa6d460b
SSDEEP

12288:l9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hZ56hyF:vZ1xuVVjfFoynPaVBUR8f+kN10EB0s

Score

10^/10

darkcomet hf evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

HF

C2

kwuized.no-ip.org:1337

Mutex

DC_MUTEX-QV66CVE

Attributes

InstallPath
java32\java.exe
gencode
5lCMhl74ZrH0
install
true
offline_keylogger
true
persistence
true
reg_key
java

Targets

- Target
  
  e7d43bebb030cbad0b3bb78b3da502427030ef6daa39a888851d93bbc5015c2b
- Size
  
  749KB
- MD5
  
  0fa0bc909e6d9e0bb7e698218d120876
- SHA1
  
  497f99755892941b0633f1d8832a148829181903
- SHA256
  
  e7d43bebb030cbad0b3bb78b3da502427030ef6daa39a888851d93bbc5015c2b
- SHA512
  
  1b16a3b25265c58adf10791058dff9d70170dcf87e6a442d565c152f18546273551b26b961d02214223be8629f36094c41b6f1d6353c62b93dce71d6fa6d460b
- SSDEEP
  
  12288:l9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hZ56hyF:vZ1xuVVjfFoynPaVBUR8f+kN10EB0s
Score

10^/10

darkcomet hf evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomethfevasionpersistencerattrojan

behavioral2