darkcomet | a442c3203228642a60f501ff0c78520c22cbf332cf9a25fc584d2712a16ba905 | Triage

Sharing

General

Target

a442c3203228642a60f501ff0c78520c22cbf332cf9a25fc584d2712a16ba905
Size

318KB
Sample

201109-1hk8pj6rr6
MD5

05cf4f8680713194351357aa49b43076
SHA1

a2e23c0195c04160da45e1739424bb0c6695e6a3
SHA256

a442c3203228642a60f501ff0c78520c22cbf332cf9a25fc584d2712a16ba905
SHA512

4d70affba693089faf4c2debe3839afa5eda63936e3c9a7cadc3a222e29687f3021113e38a74be1498aa1c267fb44e489fecdee51f595f5d2229fb1efd05332a

Score

10^/10

darkcomet persistence rat trojan upx

Malware Config

Targets

- Target
  
  a442c3203228642a60f501ff0c78520c22cbf332cf9a25fc584d2712a16ba905
- Size
  
  318KB
- MD5
  
  05cf4f8680713194351357aa49b43076
- SHA1
  
  a2e23c0195c04160da45e1739424bb0c6695e6a3
- SHA256
  
  a442c3203228642a60f501ff0c78520c22cbf332cf9a25fc584d2712a16ba905
- SHA512
  
  4d70affba693089faf4c2debe3839afa5eda63936e3c9a7cadc3a222e29687f3021113e38a74be1498aa1c267fb44e489fecdee51f595f5d2229fb1efd05332a
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan