darkcomet | 1ccaafea3b64fe2c5e7859d550ade584d93e7bdc28472317022693456c6f2c64 | Triage

Submit
Reports

Overview

overview

Static

static

3

17a6cf6240...66.exe

windows7-x64

17a6cf6240...66.exe

windows10-2004-x64

Sharing

General

Target

17a6cf62409d259d281c82ae00259d66.bin
Size

700KB
Sample

240629-cjst4aydmc
MD5

17a6cf62409d259d281c82ae00259d66
SHA1

15c2bccc3f8bc41190eaa6b49da6c99eccf1602d
SHA256

1ccaafea3b64fe2c5e7859d550ade584d93e7bdc28472317022693456c6f2c64
SHA512

2d0e56b9117b7dd0f6f1910dad82b09f9e1d693d238422498c93c3d14e6de7ebdef4bd0decfc20582305b1ed41db98ff4bd447da72181dc97e6aa8601fd6110b
SSDEEP

12288:/yPPQ1ufEoYFwm4jFySBXY3sHuss0dtyxvlrKnnmRjVLPrJHbFJ8:/yPPMpoY6HXY3Kusfexv4n6jVLxc

Score

10^/10

darkcomet åååååååååå persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

17a6cf62409d259d281c82ae00259d66.exe

Resource

win7-20240611-en

darkcomet åååååååååå persistence rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

17a6cf62409d259d281c82ae00259d66.exe

Resource

win10v2004-20240611-en

darkcomet åååååååååå persistence rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

åååååååååå

C2

ogdd.servemp3.com:4433

Mutex

DC_MUTEX-LGYC4QH

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
7UYk2EHbmDiQ
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  17a6cf62409d259d281c82ae00259d66.bin
- Size
  
  700KB
- MD5
  
  17a6cf62409d259d281c82ae00259d66
- SHA1
  
  15c2bccc3f8bc41190eaa6b49da6c99eccf1602d
- SHA256
  
  1ccaafea3b64fe2c5e7859d550ade584d93e7bdc28472317022693456c6f2c64
- SHA512
  
  2d0e56b9117b7dd0f6f1910dad82b09f9e1d693d238422498c93c3d14e6de7ebdef4bd0decfc20582305b1ed41db98ff4bd447da72181dc97e6aa8601fd6110b
- SSDEEP
  
  12288:/yPPQ1ufEoYFwm4jFySBXY3sHuss0dtyxvlrKnnmRjVLPrJHbFJ8:/yPPMpoY6HXY3Kusfexv4n6jVLxc
Score

10^/10

darkcomet åååååååååå persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometååååååååååpersistencerattrojan

behavioral2

darkcometååååååååååpersistencerattrojan

© 2018-2024

Terms | Privacy