darkcomet | 2cc4826b0c4bc6a242fa4c4610c599e766a69d37e8b657e28131602541a60c21 | Triage

Sharing

General

Target

2cc4826b0c4bc6a242fa4c4610c599e766a69d37e8b657e28131602541a60c21
Size

252KB
Sample

201114-gppsmwxqj6
MD5

0f4fa9dff5b3fde74227eb45f3aa1bb9
SHA1

4be833339d7d907b2029a4466e0771760fd7a1f6
SHA256

2cc4826b0c4bc6a242fa4c4610c599e766a69d37e8b657e28131602541a60c21
SHA512

17100446ff5bceb5f4dcc0a16e48d33910d068b36cb48884d4fc3c5468d52a92120f6bb7a0eb832ed2322dc90c04bd97f57340df11595b68bb71dbbb2fefd4e7

Score

10^/10

darkcomet persistence rat trojan upx

Malware Config

Targets

- Target
  
  2cc4826b0c4bc6a242fa4c4610c599e766a69d37e8b657e28131602541a60c21
- Size
  
  252KB
- MD5
  
  0f4fa9dff5b3fde74227eb45f3aa1bb9
- SHA1
  
  4be833339d7d907b2029a4466e0771760fd7a1f6
- SHA256
  
  2cc4826b0c4bc6a242fa4c4610c599e766a69d37e8b657e28131602541a60c21
- SHA512
  
  17100446ff5bceb5f4dcc0a16e48d33910d068b36cb48884d4fc3c5468d52a92120f6bb7a0eb832ed2322dc90c04bd97f57340df11595b68bb71dbbb2fefd4e7
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan