darkcomet | a2b6aa60ebd31a2177e41003b5988ffd94dc38bcb13477905b6b94e2ac222806 | Triage

Sharing

General

Target

a2b6aa60ebd31a2177e41003b5988ffd94dc38bcb13477905b6b94e2ac222806
Size

318KB
Sample

201106-z5yq7dqxg2
MD5

f5c53bcf86cb23fab76ebe396dfb334b
SHA1

1a0dc48f800906b8283571c96a7759238074d532
SHA256

a2b6aa60ebd31a2177e41003b5988ffd94dc38bcb13477905b6b94e2ac222806
SHA512

25f78f1da0bf152c538e1a16bb6706da380cf9fc95448be14f72c015ca05a4f650cc16b7552970ef9d12e38da8709728b697e44ea341fec958ba6ea6a17f091d

Score

10^/10

darkcomet persistence rat trojan upx

Malware Config

Targets

- Target
  
  a2b6aa60ebd31a2177e41003b5988ffd94dc38bcb13477905b6b94e2ac222806
- Size
  
  318KB
- MD5
  
  f5c53bcf86cb23fab76ebe396dfb334b
- SHA1
  
  1a0dc48f800906b8283571c96a7759238074d532
- SHA256
  
  a2b6aa60ebd31a2177e41003b5988ffd94dc38bcb13477905b6b94e2ac222806
- SHA512
  
  25f78f1da0bf152c538e1a16bb6706da380cf9fc95448be14f72c015ca05a4f650cc16b7552970ef9d12e38da8709728b697e44ea341fec958ba6ea6a17f091d
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan