darkcomet | caaea62e592b0a0016dd83f803cbf12a892fc7c8296e87fb24c424cb44f78378 | Triage

Sharing

General

Target

9c972bef6ab390369ca86d960feb9eb6_JaffaCakes118
Size

390KB
Sample

241125-trrensvpcx
MD5

9c972bef6ab390369ca86d960feb9eb6
SHA1

054c9d1f996e3732d26f3a0bdbf75697b4b795a0
SHA256

caaea62e592b0a0016dd83f803cbf12a892fc7c8296e87fb24c424cb44f78378
SHA512

1332bd39bddc5927cf605c053e76975c54cc4325d8401c811a178b379c1d0be4888bafbd3407948e5d5d4840ed6fb7d9af976e8175f0008d248c027b84f9c889
SSDEEP

12288:nmPtVK4+gOBH7RuqTk5QwImB1wyp1nSPY9dDTU:nwK4+XXk5QTmBt1egdk

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Targets

- Target
  
  133Devblock cheat/Extreme Injector v2 by master131.exe
- Size
  
  865KB
- MD5
  
  4e49565cbd3e2a63b3ade2b8532ec912
- SHA1
  
  0092c941f2432f597a663b1fa627764c732de1e6
- SHA256
  
  8d595ae8374459d800de2f9ccbf5eba2136e005168489cf7d07fc97eefd54077
- SHA512
  
  973d4ccc99be60d48d05dbe5b54307480d846a9db86a65e766a0640e5db54a1eabe55b3ee6767f9c63bfc63c5c0463dd89e00d5431a28d294f28da52ee7d1d39
- SSDEEP
  
  12288:YTKa4lZWCw0K9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFX:YyZtGiBIGkbxqEcjsWiDxguehC2SA
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2
- Target
  
  133Devblock cheat/UInjectIME.dll
- Size
  
  52KB
- MD5
  
  359619622bd8f101e1fcda48597ae67a
- SHA1
  
  ebfb2454e583550fe4c7ab8daa80cc860723659b
- SHA256
  
  79bf9c9c4e1f2fe22a3d48d0d9cf0466c17cf711113ae452f272f804e2776117
- SHA512
  
  395f3b497cd9fd1731f6b45f2054129ea0018050c7021b17555bef5aabef8ed04dab80f7c120f9127e2d98bdc3bdedbe1e5d54a43f1f5c87169cb7549d0123a6
- SSDEEP
  
  768:sATE5wWQPut/a2/1XDRMDwAkXD2uNRunVkwYGdxYD/9Wc8NqCvtbZqNo7yR:hTs+id1MSCuNRuSwYGADVHzzR
Score

1^/10
behavioral3 behavioral4
- Target
  
  133Devblock cheat/UnityLoaderv2.dll
- Size
  
  8KB
- MD5
  
  4eb6b47ae6d6a6d50862fc9e07b7e4d2
- SHA1
  
  f899fa9def2a65a7b52be41229319baaa4ef05c3
- SHA256
  
  c6b4f08792ffc3bc077ea2d11020dd4eee6a445503ed85d758c22d8628fe2a01
- SHA512
  
  4845dd60038b66781026adaae2c5a357ee33e516b474ea0ff899f60b1bb85d8d831f003e40140e151a57118df0586c52f2ab1eb87dbe0b85f55720c52edf272b
- SSDEEP
  
  96:9KtoI28JoGOmWI00RW2QzF8rQs6NKcleblGaTOKcHEE73XCx:IoJAqJ0RpyK/c+GI1EJ73X
Score

1^/10
behavioral5 behavioral6
- Target
  
  133Devblock cheat/hax3s.dll
- Size
  
  21KB
- MD5
  
  46b133e356e74a9d447f49f2b63f4877
- SHA1
  
  e2fdae3d3d271b80dc83546b64c25912da62fe1f
- SHA256
  
  caeba4c26e102a3603525119875ee22d864b6089f5b6435d3d37faaf0876763a
- SHA512
  
  5c5669f703e1be37858c01f759631ffd0e9f1aad8bbf59461504927c3dcf0acb31b52b39a0d470058d2b721cf4add3ad4a3e2ddf25b89ad3054e2cc6cc0d041c
- SSDEEP
  
  384:Vhw0IFa1zu+zOkcf09ksd9i4+GOh0EiUNNlVGejhiG93dBxCBuH:VhwJY1zuuc1sd9D+/piWNR3oQ
Score

3^/10

discovery
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometdiscoveryrattrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8