darkcomet | af6488903f41964f76e28c004f8cab733ce7a2a87c29eab6f38793e0ce852b1c | Triage

Sharing

General

Target

9c943557b7d3da63c59959399a2d955f_JaffaCakes118
Size

1.2MB
Sample

241125-tqfa1s1qbj
MD5

9c943557b7d3da63c59959399a2d955f
SHA1

e9bf91d66e31402f9572d66ea5af15144a7d3477
SHA256

af6488903f41964f76e28c004f8cab733ce7a2a87c29eab6f38793e0ce852b1c
SHA512

f912bbe7b668eca5c2e0d73af337e13d34aa75fcd2da111cea56a9d2db483f3c0eadd6311686a044a77bb05c27236cef7de7225d02dabfaeb56363946cb445ff
SSDEEP

24576:LGNlGewemxU45pCSJRHawJQEo9Ua2N7ocO2Z9SE8dszshLJvSbrFv0dOTu+Gd:4lGewfC45cu1JuEUUa25ocOdErzshd0M

Score

10^/10

darkcomet wuàuclt cant kill discovery evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

wuàuclt Cant kill

C2

minedroid.ddns.net:1604

minedroid1.ddns.net:1604

minedroid2.ddns.net:1604

minedroid.zapto.org:1604

Mutex

DC_MUTEX-WAY5XHM

Attributes

InstallPath
Sys32\wu�uclt.exe
gencode
u20uH1Gywf95
install
true
offline_keylogger
true
persistence
true
reg_key
Windows Update

Targets

- Target
  
  Программа.exe
- Size
  
  1.3MB
- MD5
  
  4fe5233fe247d7fe49ce80e8ea123822
- SHA1
  
  31b52c9c20f168cc13dc9a65f3cb3fa895dccfa8
- SHA256
  
  08915c724cd73b5f0272eeda53c2f86ba371521520f04d826ad171a564eb6f63
- SHA512
  
  824094053dff9a6cfa2279feb80ad7c638eda0c4517aa8f9c8dbb500bfda6ef40f6cd369b35bdfc098eb9f65572c9e561dc4b2921f7c34b0a0f3b48af25b81b5
- SSDEEP
  
  24576:QNQ0lNT0jhJgZUdYuWq1V4/LkLSL9tYavX5c3Nql1hVTSjCeCrz:H0HShJmEY8+/LB9tYaxc3Ng1hVZ7z
Score

10^/10

darkcomet wuàuclt cant kill discovery evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometwuàuclt cant killdiscoveryevasionpersistencerattrojan

behavioral2

darkcometwuàuclt cant killdiscoveryevasionpersistencerattrojan