darkcomet | e50cf3f7139ac7f4924b835334a98f7c426b66d0d19e986d885bd4080433d7bd | Triage

Sharing

General

Target

Подключение к Cheater HAer VPsu202epdr.exe
Size

1.2MB
Sample

210429-vp1d4l6sg6
MD5

89819d45a907c55d273e9d4e2a64f2a9
SHA1

18db069eb82c31af3cb577ea392e4b42775d37f4
SHA256

e50cf3f7139ac7f4924b835334a98f7c426b66d0d19e986d885bd4080433d7bd
SHA512

bb2eee52e673c8e2ae44c60f0df8dc69890df2108f5278f1928f207055d5e8660fd8d8eaab9d67ee3ed950574184cbc94af77d831b601323afc31d715b9ec248

Score

10^/10

darkcomet guest16 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

radgoodnow.mooo.com:7777

Mutex

DC_MUTEX-0E720ZB

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
ReysmuLVc5ah
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  Подключение к Cheater HAer VPsu202epdr.exe
- Size
  
  1.2MB
- MD5
  
  89819d45a907c55d273e9d4e2a64f2a9
- SHA1
  
  18db069eb82c31af3cb577ea392e4b42775d37f4
- SHA256
  
  e50cf3f7139ac7f4924b835334a98f7c426b66d0d19e986d885bd4080433d7bd
- SHA512
  
  bb2eee52e673c8e2ae44c60f0df8dc69890df2108f5278f1928f207055d5e8660fd8d8eaab9d67ee3ed950574184cbc94af77d831b601323afc31d715b9ec248
Score

10^/10

darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16persistencerattrojan

behavioral2

darkcometguest16persistencerattrojan