darkcomet | 0910ca437d19b8920ea6c0f91d4172a18b2c7827246eae1ea1bc17115c845ebf | Triage

Sharing

General

Target

438492ec709255dbe567d82907aa5a3c
Size

761KB
Sample

201214-er4y7qbre2
MD5

438492ec709255dbe567d82907aa5a3c
SHA1

7d0c8bbefb1a8a69d3530fa5152d849ebb2df0c0
SHA256

0910ca437d19b8920ea6c0f91d4172a18b2c7827246eae1ea1bc17115c845ebf
SHA512

33c6ee96bba0d0e3b4762775543c706d20b0fcc1619e527b1b7865c0b6a66bd399db265ba6a92e791305e58bb2a45ed0a94fb1f695220d4e5e3e78daab084f0f

Score

10^/10

darkcomet streg persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

STREG

C2

193.242.166.48:1604

Mutex

DC_MUTEX-F82MLBD

Attributes

InstallPath
MSDCSC\update.exe
gencode
xSLnBB8c1GjG
install
true
offline_keylogger
true
persistence
true
reg_key
WindowsUpdate

Targets

- Target
  
  438492ec709255dbe567d82907aa5a3c
- Size
  
  761KB
- MD5
  
  438492ec709255dbe567d82907aa5a3c
- SHA1
  
  7d0c8bbefb1a8a69d3530fa5152d849ebb2df0c0
- SHA256
  
  0910ca437d19b8920ea6c0f91d4172a18b2c7827246eae1ea1bc17115c845ebf
- SHA512
  
  33c6ee96bba0d0e3b4762775543c706d20b0fcc1619e527b1b7865c0b6a66bd399db265ba6a92e791305e58bb2a45ed0a94fb1f695220d4e5e3e78daab084f0f
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan