darkcomet | 751d99c1569ebb12524ad307c520a849cd72c2675b041e0b3ff82972a1c55212 | Triage

Sharing

General

Target

751d99c1569ebb12524ad307c520a849cd72c2675b041e0b3ff82972a1c55212
Size

318KB
Sample

201111-c9dbj3jpln
MD5

bd1bd1822bf10d12ec7813d8b142efd8
SHA1

3f6300d822d866eca1b0a3dec07a857641e9ea1f
SHA256

751d99c1569ebb12524ad307c520a849cd72c2675b041e0b3ff82972a1c55212
SHA512

f641fe5bebbe6fb6d63e24b05c768f38516ede0c4bd3e93510347413371cbc07991e5b3faa29690c65685a2c1d2ee224a01f4a2751b90972be6676fbcdad66d8

Score

10^/10

darkcomet persistence rat trojan upx

Malware Config

Targets

- Target
  
  751d99c1569ebb12524ad307c520a849cd72c2675b041e0b3ff82972a1c55212
- Size
  
  318KB
- MD5
  
  bd1bd1822bf10d12ec7813d8b142efd8
- SHA1
  
  3f6300d822d866eca1b0a3dec07a857641e9ea1f
- SHA256
  
  751d99c1569ebb12524ad307c520a849cd72c2675b041e0b3ff82972a1c55212
- SHA512
  
  f641fe5bebbe6fb6d63e24b05c768f38516ede0c4bd3e93510347413371cbc07991e5b3faa29690c65685a2c1d2ee224a01f4a2751b90972be6676fbcdad66d8
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan