darkcomet | 5537299b16dea72f79f1700864a97cfc12bc7a1cf02faeb083fb8cf76a1beaaf | Triage

Sharing

General

Target

lenovo_sistem_bilgileri.sfx.exe
Size

690KB
Sample

201216-ez1qvbkz5s
MD5

46c1ca9ea33fc2ea90f6b9fee8a6dd76
SHA1

db41c5acb4e44895176d2e1f844d5b400592a1bc
SHA256

5537299b16dea72f79f1700864a97cfc12bc7a1cf02faeb083fb8cf76a1beaaf
SHA512

046ee4fea95cfed7b4f2f392e50122f376b7505603aaf0345c8f843dfd4eaa8c742382d9220a0a422ea8091f4b6318cb8e16ae5d00d6beb3e508fccfba867ebe

Score

10^/10

darkcomet �lk kurban persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

�LK KURBAN

C2

erenbey.duckdns.org:1604

Mutex

DCMIN_MUTEX-TDLEW50

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
CkJypkKdCu96
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  lenovo_sistem_bilgileri.sfx.exe
- Size
  
  690KB
- MD5
  
  46c1ca9ea33fc2ea90f6b9fee8a6dd76
- SHA1
  
  db41c5acb4e44895176d2e1f844d5b400592a1bc
- SHA256
  
  5537299b16dea72f79f1700864a97cfc12bc7a1cf02faeb083fb8cf76a1beaaf
- SHA512
  
  046ee4fea95cfed7b4f2f392e50122f376b7505603aaf0345c8f843dfd4eaa8c742382d9220a0a422ea8091f4b6318cb8e16ae5d00d6beb3e508fccfba867ebe
Score

10^/10

darkcomet �lk kurban persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomet�lk kurbanpersistencerattrojan

behavioral2