darkcomet | 32c5cdbbd37c34c5d38ceed5bbf657f74b2629596e8b8635e8e888bb51117a0e | Triage

Sharing

General

Target

FivemFreeUpdated.exe
Size

756KB
Sample

240503-xk2tlsdc6v
MD5

507d6f31d2798d62caf36db241b42421
SHA1

f0ac3a0f5c1edc91cf78d713400a0d3a0aba5844
SHA256

32c5cdbbd37c34c5d38ceed5bbf657f74b2629596e8b8635e8e888bb51117a0e
SHA512

ae39793b5312fffea3a68684bffb3800a6dd7cb2327e9da0470cfb05fa4e1a7457ec394da9c7ccea2ec44a01a05fddacc14f4430ba0d63e9766d32d4e2c8d270
SSDEEP

12288:Q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h5i:0Z1xuVVjfFoynPaVBUR8f+kN10EBO

Score

10^/10

darkcomet guest16 evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

fivemexternal.ddns.net:5529

Mutex

DC_MUTEX-RULX6G9

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
qMSWXMpj99bp
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  FivemFreeUpdated.exe
- Size
  
  756KB
- MD5
  
  507d6f31d2798d62caf36db241b42421
- SHA1
  
  f0ac3a0f5c1edc91cf78d713400a0d3a0aba5844
- SHA256
  
  32c5cdbbd37c34c5d38ceed5bbf657f74b2629596e8b8635e8e888bb51117a0e
- SHA512
  
  ae39793b5312fffea3a68684bffb3800a6dd7cb2327e9da0470cfb05fa4e1a7457ec394da9c7ccea2ec44a01a05fddacc14f4430ba0d63e9766d32d4e2c8d270
- SSDEEP
  
  12288:Q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h5i:0Z1xuVVjfFoynPaVBUR8f+kN10EBO
Score

10^/10

darkcomet guest16 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16evasionpersistencerattrojan