darkcomet | b3449c05ac264d2d19c2a883b5d1ab06f484b934a32bb79f0288f116a991bbd8 | Triage

Sharing

General

Target

FuckTheCore.rar
Size

2.0MB
Sample

250121-bnxs6sypbw
MD5

695a6d0f4939276d0c6ded8c7f45ad93
SHA1

2d4555a671f397d0f56809bdf0c87b01c4baab56
SHA256

b3449c05ac264d2d19c2a883b5d1ab06f484b934a32bb79f0288f116a991bbd8
SHA512

8c1361c1fde3e90ec650df71eef7910a9c08773a90388c4cfee15aad8ae73e4153f12e0ba37d99cf4638a2eb64f80ccadafb68a6a33a269266b54efa196af02c
SSDEEP

49152:2vMsjWd84FsUZ0av8hZPpSt09I3H7VE0r79eq94L:2vyd0UZ0cYXSq9oHRE0nB96

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Targets

- Target
  
  FuckTheCore.exe
- Size
  
  4.7MB
- MD5
  
  d442d703f5e157ebc8599c407d02121d
- SHA1
  
  9f5968b9a0e71744f0ccd750b093e1477faa6b75
- SHA256
  
  c486e1a0e7fd07b046d7bf229d49fae292a79663224472c77598fab95877611e
- SHA512
  
  8be12fd13f8a94c414760391e55291d6fa29d2358e64a8572a7c5de8dad9c9048f624abf32591ef925af679351aa0e36028f4303c53f9d3ab1443aa5d7e68baa
- SSDEEP
  
  49152:OK1A6CVYmiSrTsL1VON/giCnSJwDznaAkrGOTpr+y3Z3fM6sPAxBh4:OK1xUrTsBVvzaDGOlZ3fLsPm2
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometdiscoveryrattrojan

behavioral3

darkcometdiscoveryrattrojan