darkcomet | 8989d145a2b5057d5d75cf067af75ac4a20d989bd064c57c7bdae3365807f6c5 | Triage

Sharing

General

Target

8989d145a2b5057d5d75cf067af75ac4a20d989bd064c57c7bdae3365807f6c5
Size

842KB
Sample

221020-tt2y7adcg4
MD5

903ea10ddeb5dec6a2293c3dfa5a0804
SHA1

2343f04be76f32311bb95d0a9e552e50a733a74f
SHA256

8989d145a2b5057d5d75cf067af75ac4a20d989bd064c57c7bdae3365807f6c5
SHA512

773bc3767ed9e4090d49861fe9de8c1b11e34cf0f95bad944364034910d3aeded0e65f257d3ab3ad73b535d0c6643a5a056e4ba01f74730b01b28aeb12423bd5
SSDEEP

24576:h04aY7IxRCHLZYQ4wFOLlOuP0KDOQJ97AWeduO6mMPrrL:h8cIHyLZClOXKKQJ9UWesBmQz

Score

10^/10

darkcomet arab persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

ARAB

C2

baybay.zapto.org:1604

Mutex

DC_MUTEX-VCPT74F

Attributes

gencode
QkHqSBfcPe1y
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  8989d145a2b5057d5d75cf067af75ac4a20d989bd064c57c7bdae3365807f6c5
- Size
  
  842KB
- MD5
  
  903ea10ddeb5dec6a2293c3dfa5a0804
- SHA1
  
  2343f04be76f32311bb95d0a9e552e50a733a74f
- SHA256
  
  8989d145a2b5057d5d75cf067af75ac4a20d989bd064c57c7bdae3365807f6c5
- SHA512
  
  773bc3767ed9e4090d49861fe9de8c1b11e34cf0f95bad944364034910d3aeded0e65f257d3ab3ad73b535d0c6643a5a056e4ba01f74730b01b28aeb12423bd5
- SSDEEP
  
  24576:h04aY7IxRCHLZYQ4wFOLlOuP0KDOQJ97AWeduO6mMPrrL:h8cIHyLZClOXKKQJ9UWesBmQz
Score

10^/10

darkcomet arab persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometarabpersistencerattrojan

behavioral2

darkcometarabpersistencerattrojan