darkcomet | 9079c18a43d9c576c2f4ed584358db68bbbf3c390fb6612df4120fc05966970d | Triage

Sharing

General

Target

9079c18a43d9c576c2f4ed584358db68bbbf3c390fb6612df4120fc05966970d
Size

735KB
Sample

241101-shj4kasdml
MD5

7c4dab2aae3b500e62bcc2e69e2e2e1b
SHA1

5d4b0e4c0837094a15902c0a984351dbf7fe9bfb
SHA256

9079c18a43d9c576c2f4ed584358db68bbbf3c390fb6612df4120fc05966970d
SHA512

93266ff84c0533ce771a02dea4c78b67c7a0ff431554788633f63396cfb20373ef0269d96d3d2c7be1c8a373df41b782e36f8bab80fdd56c69af9cde9c5f030c
SSDEEP

12288:N6XW+BvXvl1sVpC0gu60tuyS6s3tjf/uAt2ewC3RFo/F:Nn+BvPZu6PyS6EdHuAtjw9/F

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

192.168.1.2:2221

Mutex

DC_MUTEX-CRH9ZTG

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
FadcphRiUJC6
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  9079c18a43d9c576c2f4ed584358db68bbbf3c390fb6612df4120fc05966970d
- Size
  
  735KB
- MD5
  
  7c4dab2aae3b500e62bcc2e69e2e2e1b
- SHA1
  
  5d4b0e4c0837094a15902c0a984351dbf7fe9bfb
- SHA256
  
  9079c18a43d9c576c2f4ed584358db68bbbf3c390fb6612df4120fc05966970d
- SHA512
  
  93266ff84c0533ce771a02dea4c78b67c7a0ff431554788633f63396cfb20373ef0269d96d3d2c7be1c8a373df41b782e36f8bab80fdd56c69af9cde9c5f030c
- SSDEEP
  
  12288:N6XW+BvXvl1sVpC0gu60tuyS6s3tjf/uAt2ewC3RFo/F:Nn+BvPZu6PyS6EdHuAtjw9/F
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan