darkcomet | a817f840ad7e96284110c9ebecafa55f632291ab2fb48996265bc8cb7a4a9be7 | Triage

Sharing

General

Target

Anti-Virus.bin.zip
Size

354KB
Sample

201105-6eystvbfce
MD5

471cde6cdbff959ab3f584513fb9eea2
SHA1

170d3f070749c48e1ce944f2d2253b16328310c5
SHA256

a817f840ad7e96284110c9ebecafa55f632291ab2fb48996265bc8cb7a4a9be7
SHA512

c68c88ccc208911d19b916795899daff53b8cf0850fe3cd50e6077f8d2038688cf8f959a51229fcd70e8baf4d17d29157fb54cc2fbb22f7625c68572d2a27c69

Score

10^/10

darkcomet anti-virus persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Anti-Virus

C2

guestanduser.no-ip.biz:1604

Mutex

DCMIN_MUTEX-7DT47PK

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
9FVdx8Zdf0oG
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  Anti-Virus.bin
- Size
  
  724KB
- MD5
  
  c7fff9b0cd6c657ba179d847d8bc3087
- SHA1
  
  d5f1e1f68122e48f04729a758dd4c1adcc7ed50f
- SHA256
  
  8aa7d2dab7187fd429bd289a953e3c5b857c6f7c2709f82f43b603ed5649b958
- SHA512
  
  65d9f8ee728ac9a11dcf0f286f5d656b81f2a3e1d980d92fd209e2e88c103778542c2d4538bf51d3a7881dd5bfceec51bf270f96f1fe4097bacc0a84900f9870
Score

10^/10

darkcomet anti-virus persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

anti-virusdarkcomet

behavioral1

darkcometanti-viruspersistencerattrojan

behavioral2

darkcometanti-viruspersistencerattrojan