darkcomet | b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b | Triage

Sharing

General

Target

b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b
Size

476KB
Sample

200706-67896k7hxj
MD5

b0196d39c93d411d1c26d053464e9063
SHA1

9468b91d627458e62cafdc4319fa673a5140f93c
SHA256

b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b
SHA512

fa49fdc90c924c2078ee210a6dc6b5c139462f8b76b94a7a998a73200a0c618d92f921dea6b7574ffcd0a583c01166deebb7acf474fd33de76cfa758e7aeeb29

Score

10^/10

darkcomet �킽��persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

�킽��

C2

darkanony0501.no-ip.biz:1604

Mutex

DC_MUTEX-RUSU0K2

Attributes

gencode
Jv5i6qhD7WCB
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b
- Size
  
  476KB
- MD5
  
  b0196d39c93d411d1c26d053464e9063
- SHA1
  
  9468b91d627458e62cafdc4319fa673a5140f93c
- SHA256
  
  b54347c754b7095d0a38c7180eaa71e50c4431b7c721f7791483babb2610d17b
- SHA512
  
  fa49fdc90c924c2078ee210a6dc6b5c139462f8b76b94a7a998a73200a0c618d92f921dea6b7574ffcd0a583c01166deebb7acf474fd33de76cfa758e7aeeb29
Score

10^/10

darkcomet �킽��persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcomet�킽��persistencerattrojan

behavioral2

darkcomet�킽��persistencerattrojan