darkcomet | f276c46a83f369dabc8e272b171b43109875016364078fc16a0f99a4d50cd91a | Triage

Sharing

General

Target

f276c46a83f369dabc8e272b171b43109875016364078fc16a0f99a4d50cd91a
Size

897KB
Sample

220508-jg31lsecfp
MD5

d0509752639a169c3ac9dbc1c09a6c28
SHA1

d78582955c93852db3633806c7b03eea77640043
SHA256

f276c46a83f369dabc8e272b171b43109875016364078fc16a0f99a4d50cd91a
SHA512

606059db06b057d8b4bf4a1555e80e00bf410605875c4926541e64da5f3cd318169a065701f18c92bacfe544f0b97f5aa2b3444e4b41f8d173a8f14326b1ae56

Score

10^/10

darkcomet update persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Update

C2

sosomelaine.ddns.net:1604

Mutex

DC_MUTEX-8YW07F7

Attributes

gencode
yNpsss59r5Df
install
false
offline_keylogger
true
password
amiga1200
persistence
false

Targets

- Target
  
  f276c46a83f369dabc8e272b171b43109875016364078fc16a0f99a4d50cd91a
- Size
  
  897KB
- MD5
  
  d0509752639a169c3ac9dbc1c09a6c28
- SHA1
  
  d78582955c93852db3633806c7b03eea77640043
- SHA256
  
  f276c46a83f369dabc8e272b171b43109875016364078fc16a0f99a4d50cd91a
- SHA512
  
  606059db06b057d8b4bf4a1555e80e00bf410605875c4926541e64da5f3cd318169a065701f18c92bacfe544f0b97f5aa2b3444e4b41f8d173a8f14326b1ae56
Score

10^/10

darkcomet update persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometupdatepersistencerattrojan

behavioral2

darkcometupdatepersistencerattrojan