darkcomet | 5d6a551a0ad117a907bcd225ea0d97355b88063e472007d33e2e159cc635fc03 | Triage

Sharing

General

Target

5d6a551a0ad117a907bcd225ea0d97355b88063e472007d33e2e159cc635fc03
Size

849KB
Sample

210924-gvx1eagaf2
MD5

bf1bf48e54628cce8c27309c05a1edaf
SHA1

28af1bd896e3fdf0f902af4948b48483e0c71193
SHA256

5d6a551a0ad117a907bcd225ea0d97355b88063e472007d33e2e159cc635fc03
SHA512

8138f0dc6880275ad6dce4e375b53078d5b83ba36d1796d20c4c06e63c436096fb40ffd4f68a72393052368c7a44c59e71581306402ba7b52d2a65ff86eb8bee

Score

10^/10

darkcomet guest16 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

ffcdds.ddns.net:1604

Mutex

DC_MUTEX-XETQG0J

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
urvT6qvyMSb0
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  5d6a551a0ad117a907bcd225ea0d97355b88063e472007d33e2e159cc635fc03
- Size
  
  849KB
- MD5
  
  bf1bf48e54628cce8c27309c05a1edaf
- SHA1
  
  28af1bd896e3fdf0f902af4948b48483e0c71193
- SHA256
  
  5d6a551a0ad117a907bcd225ea0d97355b88063e472007d33e2e159cc635fc03
- SHA512
  
  8138f0dc6880275ad6dce4e375b53078d5b83ba36d1796d20c4c06e63c436096fb40ffd4f68a72393052368c7a44c59e71581306402ba7b52d2a65ff86eb8bee
Score

10^/10

darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16persistencerattrojan

behavioral2

darkcometguest16persistencerattrojan