darkcomet | e9cb5421c2efcd767017b35b8c5e50f279f467c4c7bde0b6a24a9d6d4465648c | Triage

Sharing

General

Target

e9cb5421c2efcd767017b35b8c5e50f279f467c4c7bde0b6a24a9d6d4465648c
Size

700KB
Sample

221206-vabtbsef89
MD5

bdf17ff679149c3b8149bb9a7f5b882c
SHA1

1778fc7682d99c896da7e27328901a64763df2a3
SHA256

e9cb5421c2efcd767017b35b8c5e50f279f467c4c7bde0b6a24a9d6d4465648c
SHA512

19d27751fe0e35891173eef586247f67de15b75b0a659e52609dc31c0e0e760f4ad5f3242ca867d1760bb42f3ef9911c1bc1289e412c7e491986a9d8208797a2
SSDEEP

12288:vbKlFwfZCvqTtABYhuQF0bFtNU9jPldHNnJ9Is7rG5C37TZHXxFnrxO+uNUqx:vb4wfZdTts8uQeuJR8d5uTrZA/x

Score

10^/10

darkcomet evasion persistence rat trojan

Malware Config

Targets

- Target
  
  e9cb5421c2efcd767017b35b8c5e50f279f467c4c7bde0b6a24a9d6d4465648c
- Size
  
  700KB
- MD5
  
  bdf17ff679149c3b8149bb9a7f5b882c
- SHA1
  
  1778fc7682d99c896da7e27328901a64763df2a3
- SHA256
  
  e9cb5421c2efcd767017b35b8c5e50f279f467c4c7bde0b6a24a9d6d4465648c
- SHA512
  
  19d27751fe0e35891173eef586247f67de15b75b0a659e52609dc31c0e0e760f4ad5f3242ca867d1760bb42f3ef9911c1bc1289e412c7e491986a9d8208797a2
- SSDEEP
  
  12288:vbKlFwfZCvqTtABYhuQF0bFtNU9jPldHNnJ9Is7rG5C37TZHXxFnrxO+uNUqx:vb4wfZdTts8uQeuJR8d5uTrZA/x
Score

10^/10

darkcomet evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojan

behavioral2

darkcometevasionpersistencerattrojan