darkcomet | 1cdca2d78597458423dae50d4c693e5d6fed8bd2ef0cc83f08e3dce36225bd92 | Triage

Sharing

General

Target

6eab736495f914d3adffd4cf0a923d36
Size

658KB
Sample

201214-4xwx5bvx3x
MD5

6eab736495f914d3adffd4cf0a923d36
SHA1

96134248a09a77b7960bac38a441538a76ca5a7c
SHA256

1cdca2d78597458423dae50d4c693e5d6fed8bd2ef0cc83f08e3dce36225bd92
SHA512

ac783fc437db544c6407da4e6bbf4619c5ad917bb1165ca2064305b015f292dba8edbf96ac298246cee3fe86f4b07a87c9808141a0a9e8d007d1d4483f872e20

Score

10^/10

darkcomet mitakacska persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

mitakacska

C2

127.0.0.1:1122

Mutex

DCMIN_MUTEX-X9BQVDS

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
m0YbYRxzGMkb
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  6eab736495f914d3adffd4cf0a923d36
- Size
  
  658KB
- MD5
  
  6eab736495f914d3adffd4cf0a923d36
- SHA1
  
  96134248a09a77b7960bac38a441538a76ca5a7c
- SHA256
  
  1cdca2d78597458423dae50d4c693e5d6fed8bd2ef0cc83f08e3dce36225bd92
- SHA512
  
  ac783fc437db544c6407da4e6bbf4619c5ad917bb1165ca2064305b015f292dba8edbf96ac298246cee3fe86f4b07a87c9808141a0a9e8d007d1d4483f872e20
Score

10^/10

darkcomet mitakacska persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

mitakacskadarkcomet

behavioral1

darkcometmitakacskapersistencerattrojan

behavioral2

darkcometmitakacskapersistencerattrojan