darkcomet | 5361164dccc21a47eda74b90fde59434d7b0f9139b5ff078e626afb19828bd47 | Triage

Sharing

General

Target

5361164dccc21a47eda74b90fde59434d7b0f9139b5ff078e626afb19828bd47N.exe
Size

698KB
Sample

241205-m482xsxmhl
MD5

e7bf586931696e85f6bf960c11388c00
SHA1

b51ec209dc82f67ea163a5d3549b7c2a47f0345d
SHA256

5361164dccc21a47eda74b90fde59434d7b0f9139b5ff078e626afb19828bd47
SHA512

9e6b128e2f66bb0e2608ddaf5f191e8c766504f1ca6b41f499d0e6afb52f4c94624fbcb484d8c3166b3a2723d8e249313cbddb7a887506192b112cd724c6112e
SSDEEP

12288:uNAuo5DOxkhXzkJcX67+ET69NPA+qfnfaK3yXqkzIl+Me9MZ:uNrkhXzki6ql9mFfn53yXqEIl+4

Score

10^/10

darkcomet hf discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

HF

C2

darkred.servegame.com:4662

Mutex

DC_MUTEX-7B4EKNW

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
uwJhstfBog81
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  5361164dccc21a47eda74b90fde59434d7b0f9139b5ff078e626afb19828bd47N.exe
- Size
  
  698KB
- MD5
  
  e7bf586931696e85f6bf960c11388c00
- SHA1
  
  b51ec209dc82f67ea163a5d3549b7c2a47f0345d
- SHA256
  
  5361164dccc21a47eda74b90fde59434d7b0f9139b5ff078e626afb19828bd47
- SHA512
  
  9e6b128e2f66bb0e2608ddaf5f191e8c766504f1ca6b41f499d0e6afb52f4c94624fbcb484d8c3166b3a2723d8e249313cbddb7a887506192b112cd724c6112e
- SSDEEP
  
  12288:uNAuo5DOxkhXzkJcX67+ET69NPA+qfnfaK3yXqkzIl+Me9MZ:uNrkhXzki6ql9mFfn53yXqEIl+4
Score

10^/10

darkcomet hf discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomethfdiscoverypersistencerattrojan

behavioral2

darkcomethfdiscoverypersistencerattrojan