darkcomet | 65d1b87c16eb44d2d057df7492af8ee0f0f070e59f6678d9cb04a40b33df0d0f | Triage

Sharing

General

Target

14929a757a1299c47ab1395a63d4c8ee
Size

775KB
Sample

201214-pf95v7xza2
MD5

14929a757a1299c47ab1395a63d4c8ee
SHA1

fcc28114965b83bee2919e450b7731feebbbdd09
SHA256

65d1b87c16eb44d2d057df7492af8ee0f0f070e59f6678d9cb04a40b33df0d0f
SHA512

856470354ab7956c5709589c3a77674ca8e265b5ae29748d5d4d2e52c8986b9f6d4f8166f4a9ecc47b9c9cfdc16d7d699d4cd03c7f6ef596f2e58a36348e01ec

Score

10^/10

darkcomet ��persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

��

C2

dcv123.no-ip.biz:1604

Mutex

DC_MUTEX-45YS4L8

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
jvfglC4ADoBp
install
true
offline_keylogger
true
persistence
true
reg_key
msdcsc

Targets

- Target
  
  14929a757a1299c47ab1395a63d4c8ee
- Size
  
  775KB
- MD5
  
  14929a757a1299c47ab1395a63d4c8ee
- SHA1
  
  fcc28114965b83bee2919e450b7731feebbbdd09
- SHA256
  
  65d1b87c16eb44d2d057df7492af8ee0f0f070e59f6678d9cb04a40b33df0d0f
- SHA512
  
  856470354ab7956c5709589c3a77674ca8e265b5ae29748d5d4d2e52c8986b9f6d4f8166f4a9ecc47b9c9cfdc16d7d699d4cd03c7f6ef596f2e58a36348e01ec
Score

10^/10

darkcomet ��persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcomet��persistencerattrojan

behavioral2

darkcomet��persistencerattrojan