darkcomet

General

Target

f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29
Size

421KB
Sample

200629-dbfk7jf6y6
MD5

d01ebe2d4344efa13475e7d318dc72e0
SHA1

317411d3f7037875abf3c999654c7f485b25d826
SHA256

f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29
SHA512

a74aded748a5f32ff7ff84579a781aea7c8a115925416ed0a2ce840e807ca8ed915e0e6a64d480597e73a4b32a4ac4b178ad6c600a6d4b4866100f9b06fb8c42

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

85.243.174.90:2020

192.168.1.67:2020

pedroduartef99.no-ip.org:2020

Mutex

DC_MUTEX-EAVT3D7

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
zFqKpfw5Q1gT
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29
- Size
  
  421KB
- MD5
  
  d01ebe2d4344efa13475e7d318dc72e0
- SHA1
  
  317411d3f7037875abf3c999654c7f485b25d826
- SHA256
  
  f52cc86d7cf14cdc0c501285f31418a702fb88fceb639e5c4b295f9d9bcadb29
- SHA512
  
  a74aded748a5f32ff7ff84579a781aea7c8a115925416ed0a2ce840e807ca8ed915e0e6a64d480597e73a4b32a4ac4b178ad6c600a6d4b4866100f9b06fb8c42
Score

10^/10

darkcomet guest16 persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies WinLogon for persistence

Executes dropped EXE

UPX packed file

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2