darkcomet | 68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a | Triage

Submit
Reports

Overview

overview

Static

static

68b5724614...6a.exe

windows7-x64

68b5724614...6a.exe

windows10-2004-x64

Sharing

General

Target

68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a
Size

838KB
Sample

240621-2el87axaml
MD5

66f3b3833902264db9ef07ca2f83ff52
SHA1

d3da2491ce5db90511b5896932a688e800dd620b
SHA256

68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a
SHA512

2b56e45bc1411a7335ff3cf467a3acaae3c21ce92ebe8e87c8a5f93a6bc145d7cc12f1d98e088c104cef9741ae44640e50f293fad7b24173f9aab0a0ac5d1dfe
SSDEEP

24576:rZ1xuVVjfFoynPaVBUR8f+kN10EB/+xicXD0QZh9uA:NQDgok30SPckA

Score

10^/10

darkcomet guest16 persistence rat trojan

Static task

static1

guest16 darkcomet

2 signatures

Behavioral task

behavioral1

Sample

68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a.exe

Resource

win7-20240508-en

darkcomet guest16 persistence rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a.exe

Resource

win10v2004-20240611-en

darkcomet guest16 persistence rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

192.168.124.129:1604

Mutex

DC_MUTEX-GHUCMYM

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
s648XXfZuZ4D
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a
- Size
  
  838KB
- MD5
  
  66f3b3833902264db9ef07ca2f83ff52
- SHA1
  
  d3da2491ce5db90511b5896932a688e800dd620b
- SHA256
  
  68b5724614943efc6e393be7d55fcd7b7c6d4640764abcc51e504ce800da286a
- SHA512
  
  2b56e45bc1411a7335ff3cf467a3acaae3c21ce92ebe8e87c8a5f93a6bc145d7cc12f1d98e088c104cef9741ae44640e50f293fad7b24173f9aab0a0ac5d1dfe
- SSDEEP
  
  24576:rZ1xuVVjfFoynPaVBUR8f+kN10EB/+xicXD0QZh9uA:NQDgok30SPckA
Score

10^/10

darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16persistencerattrojan

behavioral2

darkcometguest16persistencerattrojan

© 2018-2024

Terms | Privacy