darkcomet | f85a49531e9d2b8fba2f505b6199111d3eb7ec20c3226278ec631e868a5c6f1f | Triage

Sharing

General

Target

f85a49531e9d2b8fba2f505b6199111d3eb7ec20c3226278ec631e868a5c6f1f
Size

1.4MB
Sample

221029-rfva3sabd5
MD5

f1dce02270c994b295f4e0c501a68688
SHA1

0dbfe5bc38fc766fec9da4dc9bad677733c44dad
SHA256

f85a49531e9d2b8fba2f505b6199111d3eb7ec20c3226278ec631e868a5c6f1f
SHA512

74a04f4a78a94c8c35d203dd348cc42147a51e8255c3317b37449be934a4f60f5dbf4a9d0d15ef4ae4b5c3577b5428d9f12c34213642897ad37732d4654695cf
SSDEEP

24576:Gx4Xwm93aftAyKOTyHm4yIHKib/p6e0Brc2UJ8K5+c9pB2DZJ7JsXlSV3CQOD3fv:KOT9dysmf6d/4CnR+00D7Jyf

Score

10^/10

darkcomet rat persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Rat

C2

testingdirtypic.no-ip.biz:1701

Mutex

DC_MUTEX-K8KYHE6

Attributes

InstallPath
WinDir\rundll32.exe
gencode
hpWkLgQk4yn2
install
true
offline_keylogger
true
persistence
true
reg_key
Windows Rundll32

Targets

- Target
  
  f85a49531e9d2b8fba2f505b6199111d3eb7ec20c3226278ec631e868a5c6f1f
- Size
  
  1.4MB
- MD5
  
  f1dce02270c994b295f4e0c501a68688
- SHA1
  
  0dbfe5bc38fc766fec9da4dc9bad677733c44dad
- SHA256
  
  f85a49531e9d2b8fba2f505b6199111d3eb7ec20c3226278ec631e868a5c6f1f
- SHA512
  
  74a04f4a78a94c8c35d203dd348cc42147a51e8255c3317b37449be934a4f60f5dbf4a9d0d15ef4ae4b5c3577b5428d9f12c34213642897ad37732d4654695cf
- SSDEEP
  
  24576:Gx4Xwm93aftAyKOTyHm4yIHKib/p6e0Brc2UJ8K5+c9pB2DZJ7JsXlSV3CQOD3fv:KOT9dysmf6d/4CnR+00D7Jyf
Score

10^/10

darkcomet rat persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometratpersistencerattrojan

behavioral2

darkcometratpersistencerattrojan