darkcomet | 97eee5ecf6cc23c32ec2eadf116cc10976696962e7f2cd6c124b3761b4409521 | Triage

Sharing

General

Target

97eee5ecf6cc23c32ec2eadf116cc10976696962e7f2cd6c124b3761b4409521
Size

685KB
Sample

210228-q1h3ewd28e
MD5

59b083bb93311967ade4787a38a71da4
SHA1

2ccc0033adcb96f52aa0af850480465b62a76b0f
SHA256

97eee5ecf6cc23c32ec2eadf116cc10976696962e7f2cd6c124b3761b4409521
SHA512

be8afed68c25c32c621a12f6a08450aafaf8fd9f90593dcf74a9ef0597b2a178d81b9a99c2e224adfe88c5052c7359a58d2324b8f36cdbd6717eaeb507b246a9

Score

10^/10

darkcomet sazan persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Sazan

C2

marbeyli.duckdns.org:1604

Mutex

DC_MUTEX-LE9EE3D

Attributes

InstallPath
MSDCSC\svchost.exe
gencode
w1S5jibwxNoa
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  97eee5ecf6cc23c32ec2eadf116cc10976696962e7f2cd6c124b3761b4409521
- Size
  
  685KB
- MD5
  
  59b083bb93311967ade4787a38a71da4
- SHA1
  
  2ccc0033adcb96f52aa0af850480465b62a76b0f
- SHA256
  
  97eee5ecf6cc23c32ec2eadf116cc10976696962e7f2cd6c124b3761b4409521
- SHA512
  
  be8afed68c25c32c621a12f6a08450aafaf8fd9f90593dcf74a9ef0597b2a178d81b9a99c2e224adfe88c5052c7359a58d2324b8f36cdbd6717eaeb507b246a9
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan