darkcomet | d31b4b000ea53806260be91ca05b91bfcb04c56bd68ed457109e5cab14914587 | Triage

Submit
Reports

Overview

overview

task1

task2

4

Static

static

Sharing

General

Target

0004 Spec Orede Req.pdf.exe
Size

1.8MB
Sample

191209-bdedd588ca
MD5

d7ee787127e8a5727dd90434f6941a2d
SHA1

aec8070aeba0d4177476494336d6cccb752d83e6
SHA256

d31b4b000ea53806260be91ca05b91bfcb04c56bd68ed457109e5cab14914587
SHA512

57936249eea46d8af818e01e21017e3563223b1fb8c63cc5d4af95e1a5a3be6e446de01f3bf149d0a512585d6cf24dbb2557a4df382a46d0a0dc66ef06d9e5cf

Score

10^/10

darkcomet 3-october 2019 persistence rat trojan

Task

task1

Sample

0004 Spec Orede Req.pdf.exe

Resource

win7v191014

darkcomet 3-october 2019 persistence rat trojan

0 signatures

Task

task2

Sample

0004 Spec Orede Req.pdf.exe

Resource

win10v191014

0 signatures

Static task

static1

Malware Config

Extracted

Family

darkcomet

Botnet

3-OCTOBER 2019

C2

timmy77.ddns.net:13251

Mutex

DC_MUTEX-AZAG0NH

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
EsnagdjpAd20
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  0004 Spec Orede Req.pdf.exe
- Size
  
  1.8MB
- MD5
  
  d7ee787127e8a5727dd90434f6941a2d
- SHA1
  
  aec8070aeba0d4177476494336d6cccb752d83e6
- SHA256
  
  d31b4b000ea53806260be91ca05b91bfcb04c56bd68ed457109e5cab14914587
- SHA512
  
  57936249eea46d8af818e01e21017e3563223b1fb8c63cc5d4af95e1a5a3be6e446de01f3bf149d0a512585d6cf24dbb2557a4df382a46d0a0dc66ef06d9e5cf
Score

10^/10

darkcomet 3-october 2019 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

darkcomet3-october 2019persistencerattrojan

task2

static1

© 2018-2024

Terms | Privacy