darkcomet | 68d39181bb6b297c1896e45e834e64dedd92ec9fc129294e8d566e39bbc597bc | Triage

Sharing

General

Target

68d39181bb6b297c1896e45e834e64dedd92ec9fc129294e8d566e39bbc597bc
Size

673KB
Sample

201111-d8cx469la2
MD5

a1956148181fdefbbbbac3a2f2b73f25
SHA1

b4eb63ef287a20651558bca2984bb6d562b36c2d
SHA256

68d39181bb6b297c1896e45e834e64dedd92ec9fc129294e8d566e39bbc597bc
SHA512

90b7e941dc4f7bad699062d7c74829a4f52db5156816b1a9b57f29740f3ceb2918577b980b732c592723e2dab983d024e0169d7c7866dab679564d6bbe27f62b

Score

10^/10

darkcomet jenny svc persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

jenny svc

C2

againme666.ddns.net:1604

Mutex

DC_MUTEX-Q77FTXU

Attributes

gencode
Pr3V0ty23oPh
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  68d39181bb6b297c1896e45e834e64dedd92ec9fc129294e8d566e39bbc597bc
- Size
  
  673KB
- MD5
  
  a1956148181fdefbbbbac3a2f2b73f25
- SHA1
  
  b4eb63ef287a20651558bca2984bb6d562b36c2d
- SHA256
  
  68d39181bb6b297c1896e45e834e64dedd92ec9fc129294e8d566e39bbc597bc
- SHA512
  
  90b7e941dc4f7bad699062d7c74829a4f52db5156816b1a9b57f29740f3ceb2918577b980b732c592723e2dab983d024e0169d7c7866dab679564d6bbe27f62b
Score

10^/10

darkcomet jenny svc persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometjenny svcpersistencerattrojan

behavioral2

darkcometjenny svcpersistencerattrojan