darkcomet | f79c8ce6cbed48827a43fdde4b17a5cedee63df85066aba1b2078470f68fb43a | Triage

Sharing

General

Target

f79c8ce6cbed48827a43fdde4b17a5cedee63df85066aba1b2078470f68fb43a
Size

3.6MB
Sample

201108-cqg7py32r6
MD5

a683b356df3c7d41d00a38bb4fdd31fe
SHA1

7cc22ca306b2ae8868030bf15274129763604ea0
SHA256

f79c8ce6cbed48827a43fdde4b17a5cedee63df85066aba1b2078470f68fb43a
SHA512

5865f3aad25c75ab672e188d55dd14027f7e8e2fcd303b4bcb163041c71d2644f7f280654230b82a99be54ec1b30191af461387cbb2db20e728d5ebce59acb9e

Score

10^/10

darkcomet puffy 001 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Puffy 001

C2

againme666.ddns.net:1604

Mutex

DC_MUTEX-8FFHWUR

Attributes

gencode
iGsZPLQk83py
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  f79c8ce6cbed48827a43fdde4b17a5cedee63df85066aba1b2078470f68fb43a
- Size
  
  3.6MB
- MD5
  
  a683b356df3c7d41d00a38bb4fdd31fe
- SHA1
  
  7cc22ca306b2ae8868030bf15274129763604ea0
- SHA256
  
  f79c8ce6cbed48827a43fdde4b17a5cedee63df85066aba1b2078470f68fb43a
- SHA512
  
  5865f3aad25c75ab672e188d55dd14027f7e8e2fcd303b4bcb163041c71d2644f7f280654230b82a99be54ec1b30191af461387cbb2db20e728d5ebce59acb9e
Score

10^/10

darkcomet puffy 001 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpuffy 001persistencerattrojan

behavioral2

darkcometpuffy 001persistencerattrojan