darkcomet | 43073226301eeeb038faa18c034a87a396544f0b7e96d8999a74369a5847cf09 | Triage

Sharing

General

Target

43073226301eeeb038faa18c034a87a396544f0b7e96d8999a74369a5847cf09
Size

1.1MB
Sample

240314-xsr95scd8v
MD5

8cae7b7712c8db2a4896e15635953d93
SHA1

aa362e6fb974dd0d2e0322d3c9c076c842765823
SHA256

43073226301eeeb038faa18c034a87a396544f0b7e96d8999a74369a5847cf09
SHA512

f5f83ab8fd44c08d2c33b3bd8a1197737fdcda03985acdd218f414cfd40359257cf4df3f7c62a8ad435c983fcd9445a45dd9d3fef8d7e3bad521f3493d478e8d
SSDEEP

24576:9Z1xuVVjfFoynPaVBUR8f+kN10EdcESg2WfrG31X:HQDgok30bESg9frGX

Score

10^/10

darkcomet guest16 evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

46.148.21.34:3128

Mutex

DC_MUTEX-5NGFKSE

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
5KiVbE9BkMJo
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  43073226301eeeb038faa18c034a87a396544f0b7e96d8999a74369a5847cf09
- Size
  
  1.1MB
- MD5
  
  8cae7b7712c8db2a4896e15635953d93
- SHA1
  
  aa362e6fb974dd0d2e0322d3c9c076c842765823
- SHA256
  
  43073226301eeeb038faa18c034a87a396544f0b7e96d8999a74369a5847cf09
- SHA512
  
  f5f83ab8fd44c08d2c33b3bd8a1197737fdcda03985acdd218f414cfd40359257cf4df3f7c62a8ad435c983fcd9445a45dd9d3fef8d7e3bad521f3493d478e8d
- SSDEEP
  
  24576:9Z1xuVVjfFoynPaVBUR8f+kN10EdcESg2WfrG31X:HQDgok30bESg9frGX
Score

10^/10

darkcomet guest16 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16evasionpersistencerattrojan

behavioral2

darkcometguest16evasionpersistencerattrojan