darkcomet | 8b540bf1f0f283d0a074b95422f7c619f7c81a73067d2e1e00e72d923575c51d | Triage

Sharing

General

Target

8b540bf1f0f283d0a074b95422f7c619f7c81a73067d2e1e00e72d923575c51d
Size

3.6MB
Sample

201106-xt6sm3e4r2
MD5

0cc4b215bf319dfc3a93c784a9e455ec
SHA1

4f39f687c1449665f66081325bebada166772d28
SHA256

8b540bf1f0f283d0a074b95422f7c619f7c81a73067d2e1e00e72d923575c51d
SHA512

ed84d3e693c18348fc61a6e0698d095e3efbedb8b99cafc5cd47d938905a276dfaecae4c789ae2a17b2bfc4dc6a4b4b5c0c9e607fe9d16899351724a7309d993

Score

10^/10

darkcomet puffy 001 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Puffy 001

C2

againme666.ddns.net:1604

Mutex

DC_MUTEX-8FFHWUR

Attributes

gencode
iGsZPLQk83py
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  8b540bf1f0f283d0a074b95422f7c619f7c81a73067d2e1e00e72d923575c51d
- Size
  
  3.6MB
- MD5
  
  0cc4b215bf319dfc3a93c784a9e455ec
- SHA1
  
  4f39f687c1449665f66081325bebada166772d28
- SHA256
  
  8b540bf1f0f283d0a074b95422f7c619f7c81a73067d2e1e00e72d923575c51d
- SHA512
  
  ed84d3e693c18348fc61a6e0698d095e3efbedb8b99cafc5cd47d938905a276dfaecae4c789ae2a17b2bfc4dc6a4b4b5c0c9e607fe9d16899351724a7309d993
Score

10^/10

darkcomet puffy 001 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpuffy 001persistencerattrojan

behavioral2

darkcometpuffy 001persistencerattrojan