darkcomet | a0b1f9550cbe61784e816e7d27fd744d7e6300026e4e6ef9c19292e2db008c67 | Triage

Sharing

General

Target

a0b1f9550cbe61784e816e7d27fd744d7e6300026e4e6ef9c19292e2db008c67
Size

900KB
Sample

220521-ethszshfh4
MD5

3d1fcc93b49eaaef35bb1f99db7db42b
SHA1

5aefd3d81e389bbcb23f91f1f3092c079a510089
SHA256

a0b1f9550cbe61784e816e7d27fd744d7e6300026e4e6ef9c19292e2db008c67
SHA512

b2f9a734dcfe155f2af62ca7b1d8908b41203bac98d37f6fb5e9f9581d5678c02033a93fc363841cedf2a15361a77a395d9bb92e0efb5c0d7bcf6eba09948228

Score

10^/10

darkcomet 1 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

1

C2

hackportals.ddns.net:1604

Mutex

DC_MUTEX-B362LA5

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
YCkRrhsri4SH
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  a0b1f9550cbe61784e816e7d27fd744d7e6300026e4e6ef9c19292e2db008c67
- Size
  
  900KB
- MD5
  
  3d1fcc93b49eaaef35bb1f99db7db42b
- SHA1
  
  5aefd3d81e389bbcb23f91f1f3092c079a510089
- SHA256
  
  a0b1f9550cbe61784e816e7d27fd744d7e6300026e4e6ef9c19292e2db008c67
- SHA512
  
  b2f9a734dcfe155f2af62ca7b1d8908b41203bac98d37f6fb5e9f9581d5678c02033a93fc363841cedf2a15361a77a395d9bb92e0efb5c0d7bcf6eba09948228
Score

10^/10

darkcomet 1 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcomet1persistencerattrojan

behavioral2