darkcomet | de1cea9691cf4f954a536e292f490f9d5cb6dc790fc3e04aa092ef043b966542 | Triage

Sharing

General

Target

CeleryBootstrapper.exe
Size

9.4MB
Sample

241007-xrjlls1hlr
MD5

163ccc21c6cabd3bea7bac0efa8b96b1
SHA1

8610ec2fd4e036f74efa69a76a2cd1d734032638
SHA256

de1cea9691cf4f954a536e292f490f9d5cb6dc790fc3e04aa092ef043b966542
SHA512

a23f682b94b7afaa4c7f16b176253a35e117bb30dbaa3539d5b3920608d47729cf556a984fa27a1e708fdee79949f8bc5fbb5822deb38cf754aeb7532f60db63
SSDEEP

98304:tEgLIRfyC7egWJ3iJzdjf4fwraOWcD9XdMPABIw/t6KHDicVwzUs7OQU/:tEguhegD4fJOWs9XNBZ16M2cuUFQ

Score

10^/10

darkcomet sazan discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

iznnawt.localto.net:7786

Mutex

DC_MUTEX-HNEM7EN

Attributes

gencode
EjyhvgEc3y6V
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  CeleryBootstrapper.exe
- Size
  
  9.4MB
- MD5
  
  163ccc21c6cabd3bea7bac0efa8b96b1
- SHA1
  
  8610ec2fd4e036f74efa69a76a2cd1d734032638
- SHA256
  
  de1cea9691cf4f954a536e292f490f9d5cb6dc790fc3e04aa092ef043b966542
- SHA512
  
  a23f682b94b7afaa4c7f16b176253a35e117bb30dbaa3539d5b3920608d47729cf556a984fa27a1e708fdee79949f8bc5fbb5822deb38cf754aeb7532f60db63
- SSDEEP
  
  98304:tEgLIRfyC7egWJ3iJzdjf4fwraOWcD9XdMPABIw/t6KHDicVwzUs7OQU/:tEguhegD4fJOWs9XNBZ16M2cuUFQ
Score

10^/10

darkcomet sazan discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometsazandiscoveryevasionrattrojan

behavioral2

darkcometsazandiscoveryevasionrattrojan