darkcomet | e0b94245ace791c7a227d636f97096114b24390c2bb644751a082e67084db2c1 | Triage

Sharing

General

Target

e0b94245ace791c7a227d636f97096114b24390c2bb644751a082e67084db2c1
Size

318KB
Sample

201108-n63qsadz3e
MD5

2f37ef5370527e8ffc74cbe460faf368
SHA1

ba1ff718fb64b6fc36a6cdb12bfd037fdb953711
SHA256

e0b94245ace791c7a227d636f97096114b24390c2bb644751a082e67084db2c1
SHA512

64db90472c0f8a65e1f57a8c1591010a0e089a371387a1a55b8dfad5288966ddb812dded03ead42e49615127e5edc4bc70f1b603e9b308e2d6314f3013a369bd

Score

10^/10

darkcomet persistence rat trojan upx

Malware Config

Targets

- Target
  
  e0b94245ace791c7a227d636f97096114b24390c2bb644751a082e67084db2c1
- Size
  
  318KB
- MD5
  
  2f37ef5370527e8ffc74cbe460faf368
- SHA1
  
  ba1ff718fb64b6fc36a6cdb12bfd037fdb953711
- SHA256
  
  e0b94245ace791c7a227d636f97096114b24390c2bb644751a082e67084db2c1
- SHA512
  
  64db90472c0f8a65e1f57a8c1591010a0e089a371387a1a55b8dfad5288966ddb812dded03ead42e49615127e5edc4bc70f1b603e9b308e2d6314f3013a369bd
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan