darkcomet | 1cdca2d78597458423dae50d4c693e5d6fed8bd2ef0cc83f08e3dce36225bd92 | Triage

Sharing

General

Target

6eab736495f914d3adffd4cf0a923d36
Size

658KB
Sample

201214-4xwx5bvx3x
MD5

6eab736495f914d3adffd4cf0a923d36
SHA1

96134248a09a77b7960bac38a441538a76ca5a7c
SHA256

1cdca2d78597458423dae50d4c693e5d6fed8bd2ef0cc83f08e3dce36225bd92
SHA512

ac783fc437db544c6407da4e6bbf4619c5ad917bb1165ca2064305b015f292dba8edbf96ac298246cee3fe86f4b07a87c9808141a0a9e8d007d1d4483f872e20

Score

10^/10

darkcomet mitakacska persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

mitakacska

C2

127.0.0.1:1122

Mutex

DCMIN_MUTEX-X9BQVDS

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
m0YbYRxzGMkb
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  6eab736495f914d3adffd4cf0a923d36
- Size
  
  658KB
- MD5
  
  6eab736495f914d3adffd4cf0a923d36
- SHA1
  
  96134248a09a77b7960bac38a441538a76ca5a7c
- SHA256
  
  1cdca2d78597458423dae50d4c693e5d6fed8bd2ef0cc83f08e3dce36225bd92
- SHA512
  
  ac783fc437db544c6407da4e6bbf4619c5ad917bb1165ca2064305b015f292dba8edbf96ac298246cee3fe86f4b07a87c9808141a0a9e8d007d1d4483f872e20
Score

10^/10

darkcomet mitakacska persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

mitakacskadarkcomet

behavioral1

darkcometmitakacskapersistencerattrojan

behavioral2

darkcometmitakacskapersistencerattrojan