darkcomet | 59a0e7d0bfcc51a30a03d8e593efc404c6c80293e8f130f34122a4fb2bcf3103 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e0d91d2f53c8972b85474a0af5a4ccd
Size

835KB
Sample

231225-t8fz9safb9
MD5

2e0d91d2f53c8972b85474a0af5a4ccd
SHA1

579424294f6b61994420553324262fa870122c28
SHA256

59a0e7d0bfcc51a30a03d8e593efc404c6c80293e8f130f34122a4fb2bcf3103
SHA512

d254b1b4a448840ab612c6ab4b370f519a00825988c8d9f61427a17cd847b884563d2209d01fd9d5729f381fcfc8bc51cca8450b5ea631a8b415c86e7910785e
SSDEEP

12288:94xkDWn1noBIR2ZWyJn5hKaPysbikwlc4FToFu8SMr23:9UpnfnyMaPysbiDO4ZoFu/v

Score

10^/10

darkcomet 0pf3rs_upd43t.v2 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

0pf3rS_uPd43T.v2

C2

dasistmeineip.no-ip.org:51337

Mutex

DCMIN_MUTEX-CCK1K0P

Attributes

InstallPath
WinRAR\WinRAR.exe
gencode
D2mEbEcEBi6r
install
true
offline_keylogger
true
persistence
false
reg_key
WinRAR

Targets

- Target
  
  2e0d91d2f53c8972b85474a0af5a4ccd
- Size
  
  835KB
- MD5
  
  2e0d91d2f53c8972b85474a0af5a4ccd
- SHA1
  
  579424294f6b61994420553324262fa870122c28
- SHA256
  
  59a0e7d0bfcc51a30a03d8e593efc404c6c80293e8f130f34122a4fb2bcf3103
- SHA512
  
  d254b1b4a448840ab612c6ab4b370f519a00825988c8d9f61427a17cd847b884563d2209d01fd9d5729f381fcfc8bc51cca8450b5ea631a8b415c86e7910785e
- SSDEEP
  
  12288:94xkDWn1noBIR2ZWyJn5hKaPysbikwlc4FToFu8SMr23:9UpnfnyMaPysbiDO4ZoFu/v
Score

10^/10

darkcomet 0pf3rs_upd43t.v2 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomet0pf3rs_upd43t.v2persistencerattrojan

behavioral2