darkcomet | c1990fc60695c907817670cb510764eab966c0581ce825820999d42e1d4a930b | Triage

Sharing

General

Target

easyMalicious1845a1255c8d.exe
Size

948KB
Sample

230704-t1t7xsfd67
MD5

81aa0004ab6395cc670810ec1912133a
SHA1

94a2f9f9f9e050c1fed207ddd51c2c3dee15b80e
SHA256

c1990fc60695c907817670cb510764eab966c0581ce825820999d42e1d4a930b
SHA512

098e82d9269de8a31048bda1b5e92bfdbe059f3d8b910eb66a1574f03f9ffe035dcd3e4e93ce2c9a11bf574093183a3845157f3e767d9dd8db710fcebfe94c68
SSDEEP

24576:GZ1xuVVjfFoynPaVBUR8f+kN10EBgu+DK7L:WQDgok30hu+IL

Score

10^/10

darkcomet metin2 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

metin2

C2

127.0.0.1:1337

192.168.1.6:1337

eminreyiz421.duckdns.org:1337

Mutex

DC_MUTEX-CCXVC7A

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
wflW6toZeCtJ
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  easyMalicious1845a1255c8d.exe
- Size
  
  948KB
- MD5
  
  81aa0004ab6395cc670810ec1912133a
- SHA1
  
  94a2f9f9f9e050c1fed207ddd51c2c3dee15b80e
- SHA256
  
  c1990fc60695c907817670cb510764eab966c0581ce825820999d42e1d4a930b
- SHA512
  
  098e82d9269de8a31048bda1b5e92bfdbe059f3d8b910eb66a1574f03f9ffe035dcd3e4e93ce2c9a11bf574093183a3845157f3e767d9dd8db710fcebfe94c68
- SSDEEP
  
  24576:GZ1xuVVjfFoynPaVBUR8f+kN10EBgu+DK7L:WQDgok30hu+IL
Score

10^/10

darkcomet metin2 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

metin2darkcomet

behavioral1

darkcometmetin2persistencerattrojan

behavioral2

darkcometmetin2persistencerattrojan