darkcomet

Resubmissions

05/02/2025, 07:25

250205-h9ctfsxqaj 10

05/02/2025, 06:58

250205-hrpqaswrfk 10

01/10/2022, 23:37

221001-3mmqcscbb6 10

Sharing

Copy URL

Twitter E-mail

General

Target

763f992e8d36d950ef166ca66f95d4d1cab1ba95419987e8a0281cbffc9257d6
Size

757KB
Sample

250205-h9ctfsxqaj
MD5

7b8560ae8ce17f43bddc807c78d36457
SHA1

aff2be4f4dceb4847608d6718fcdfa0958322157
SHA256

763f992e8d36d950ef166ca66f95d4d1cab1ba95419987e8a0281cbffc9257d6
SHA512

dd670da215d25b8f9791c082b646620accc82d991cc8ed3f3a9ce384a60e113b652946fb4d0c7dab0b2d03f7c4e4539bb73b84394a3054d4460cc990accd7462
SSDEEP

12288:D9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h7nkQ:NZ1xuVVjfFoynPaVBUR8f+kN10EBtkQ

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Robert

127.0.0.1:1604

harryisasexybitch.zapto.org:1604

Mutex

DC_MUTEX-4A2MA06

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
BBoW3lnSTiZW
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Extracted

Family

latentbot

harryisasexybitch.zapto.org

Targets

- Target
  
  763f992e8d36d950ef166ca66f95d4d1cab1ba95419987e8a0281cbffc9257d6
- Size
  
  757KB
- MD5
  
  7b8560ae8ce17f43bddc807c78d36457
- SHA1
  
  aff2be4f4dceb4847608d6718fcdfa0958322157
- SHA256
  
  763f992e8d36d950ef166ca66f95d4d1cab1ba95419987e8a0281cbffc9257d6
- SHA512
  
  dd670da215d25b8f9791c082b646620accc82d991cc8ed3f3a9ce384a60e113b652946fb4d0c7dab0b2d03f7c4e4539bb73b84394a3054d4460cc990accd7462
- SSDEEP
  
  12288:D9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h7nkQ:NZ1xuVVjfFoynPaVBUR8f+kN10EBtkQ
Score

10^/10

darkcomet latentbot robert defense_evasion discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7 behavioral8 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Darkcomet family

LatentBot

Latentbot family

Modifies WinLogon for persistence

Disables RegEdit via registry modification

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9