darkcomet | 2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588 | Triage

Sharing

General

Target

2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588
Size

856KB
Sample

200624-yee94zpw6a
MD5

0241203fc5f46bb391c718d99aeb74fa
SHA1

56d18760a6bb948c7887f40e3f3a1b8395b54672
SHA256

2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588
SHA512

bad9e676fc6c51c9d54e53f8e4966994b05451f39c5f2091a0c442e4c4ec78e05ffc8b9f3e3319b5df2d3706a75c2c0b2200875569e56e69f45c8c4e10a836b5

Score

10^/10

darkcomet port persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

PORT

C2

toxicwithahmet.duckdns.org:1604

Mutex

DC_MUTEX-7R6RAYW

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
CNR8TCZiNUeR
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588
- Size
  
  856KB
- MD5
  
  0241203fc5f46bb391c718d99aeb74fa
- SHA1
  
  56d18760a6bb948c7887f40e3f3a1b8395b54672
- SHA256
  
  2fa59f06afb2e3c9bfa441137dbb4edeaec4c3c6ebf1fab6a7bf33cfa253a588
- SHA512
  
  bad9e676fc6c51c9d54e53f8e4966994b05451f39c5f2091a0c442e4c4ec78e05ffc8b9f3e3319b5df2d3706a75c2c0b2200875569e56e69f45c8c4e10a836b5
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan