darkcomet | e796fc08bea28619cbe106acccd9e31fa7d5e66c0eb3a26c1db6092b39fbdb2c | Triage

Sharing

General

Target

1a162f03f13639874cc677de13df1693_JaffaCakes118
Size

1.1MB
Sample

241006-2kgkwsterd
MD5

1a162f03f13639874cc677de13df1693
SHA1

c7a0a880ffb2f715dda62b78d65e665b90b5b533
SHA256

e796fc08bea28619cbe106acccd9e31fa7d5e66c0eb3a26c1db6092b39fbdb2c
SHA512

de626f55e95046e145ae6caafc0c9dc90f56102e2b8cd28f10c13bf621489ac3fcce6976e3be874aaab4e3fab2ac75f5019df13e3f97af477321814165699380
SSDEEP

24576:xEWVsOJPN5wOkOj6+mGjkOj6+mGbb3XSkS5qLHRmuhNBM+YS56bDzvKDWm:WWVsOJPN5wO+Gj+G3XSksoxXNBM+Z56c

Score

10^/10

darkcomet dc discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

dc

C2

ksystyk.no-ip.info:6817

Mutex

DC_MUTEX-TKQCVJH

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
dB3a4RfYKMf0
install
true
offline_keylogger
true
password
123456
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  1a162f03f13639874cc677de13df1693_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  1a162f03f13639874cc677de13df1693
- SHA1
  
  c7a0a880ffb2f715dda62b78d65e665b90b5b533
- SHA256
  
  e796fc08bea28619cbe106acccd9e31fa7d5e66c0eb3a26c1db6092b39fbdb2c
- SHA512
  
  de626f55e95046e145ae6caafc0c9dc90f56102e2b8cd28f10c13bf621489ac3fcce6976e3be874aaab4e3fab2ac75f5019df13e3f97af477321814165699380
- SSDEEP
  
  24576:xEWVsOJPN5wOkOj6+mGjkOj6+mGbb3XSkS5qLHRmuhNBM+YS56bDzvKDWm:WWVsOJPN5wO+Gj+G3XSksoxXNBM+Z56c
Score

10^/10

darkcomet dc discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdcdiscoverypersistencerattrojan

behavioral2

darkcometdcdiscoverypersistencerattrojan