darkcomet | 564acf1691b8c01e16314f9cbea40f886b37dfef5a78379879e50beca6259011 | Triage

Sharing

General

Target

564acf1691b8c01e16314f9cbea40f886b37dfef5a78379879e50beca6259011
Size

318KB
Sample

201108-7qhvhy9nfs
MD5

68470ba0c4edc1d99d1d7e2861fc781b
SHA1

37288ac725d36bf469f517e361b4bb9af16aaf15
SHA256

564acf1691b8c01e16314f9cbea40f886b37dfef5a78379879e50beca6259011
SHA512

f2c316ac129917c00a9f087cf57b30b9db93695c4b468944d1ac76ffee64576b2f012b940b1ec3a4137bd8baa529d64c017456b5a110169f3d5fa610c2d929b2

Score

10^/10

darkcomet persistence rat trojan upx

Malware Config

Targets

- Target
  
  564acf1691b8c01e16314f9cbea40f886b37dfef5a78379879e50beca6259011
- Size
  
  318KB
- MD5
  
  68470ba0c4edc1d99d1d7e2861fc781b
- SHA1
  
  37288ac725d36bf469f517e361b4bb9af16aaf15
- SHA256
  
  564acf1691b8c01e16314f9cbea40f886b37dfef5a78379879e50beca6259011
- SHA512
  
  f2c316ac129917c00a9f087cf57b30b9db93695c4b468944d1ac76ffee64576b2f012b940b1ec3a4137bd8baa529d64c017456b5a110169f3d5fa610c2d929b2
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan