darkcomet | 9deb17088ddbdacbbd2012680ec95c2cd14b41765c526b86bacd76635706b7df | Triage

Sharing

General

Target

9deb17088ddbdacbbd2012680ec95c2cd14b41765c526b86bacd76635706b7df
Size

252KB
Sample

201108-n3wetabfsx
MD5

d73b8746b010612753f93c0029ed8c64
SHA1

c6a9d6693a4a6f3077db3a1d9348ac5e952c9165
SHA256

9deb17088ddbdacbbd2012680ec95c2cd14b41765c526b86bacd76635706b7df
SHA512

28616bc8a9eb7064fc6a1fbff218ce33313e278c83a62ec873afad513a5554d742564ee660bec87fe6c8363180250b880a2afa277fe99d464131f9bdf0ac326a

Score

10^/10

darkcomet persistence rat trojan upx

Malware Config

Targets

- Target
  
  9deb17088ddbdacbbd2012680ec95c2cd14b41765c526b86bacd76635706b7df
- Size
  
  252KB
- MD5
  
  d73b8746b010612753f93c0029ed8c64
- SHA1
  
  c6a9d6693a4a6f3077db3a1d9348ac5e952c9165
- SHA256
  
  9deb17088ddbdacbbd2012680ec95c2cd14b41765c526b86bacd76635706b7df
- SHA512
  
  28616bc8a9eb7064fc6a1fbff218ce33313e278c83a62ec873afad513a5554d742564ee660bec87fe6c8363180250b880a2afa277fe99d464131f9bdf0ac326a
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan