darkcomet

General

Target

d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d
Size

1.1MB
Sample

221125-x95lssad77
MD5

5215daaf249f78c9b132f1563bc4248e
SHA1

a5e64d9f47c56f8aa9ad5ad5bf8f52ab66da9ec5
SHA256

d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d
SHA512

9da26d64021173bdaf4460d6f926e8af4a9af99f0ed9721e5df90fc7b20b687bf200b58b9faa2f0d4e5cff58e847abd16714d22120a29f82c760971c096b5f2e
SSDEEP

12288:ACrnoS0SkBEkazsG2sBpAY9QxLmpl2Ofe8KFFU0H/42fG31oVekukHzIOI8AAf3k:3CA+4pAYnKFFVH/01ytYf8Amse/edoa

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

BOT

C2

webshark.sytes.net:42250

Mutex

DC_MUTEX-9KT7NBA

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
ptRibxwp6WD9
install
true
offline_keylogger
false
password
pignouf64
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d
- Size
  
  1.1MB
- MD5
  
  5215daaf249f78c9b132f1563bc4248e
- SHA1
  
  a5e64d9f47c56f8aa9ad5ad5bf8f52ab66da9ec5
- SHA256
  
  d64c5845a7fee27ab6942e582101c6a7c02e8df5341eaeaf6e71b7a4cb9f4e5d
- SHA512
  
  9da26d64021173bdaf4460d6f926e8af4a9af99f0ed9721e5df90fc7b20b687bf200b58b9faa2f0d4e5cff58e847abd16714d22120a29f82c760971c096b5f2e
- SSDEEP
  
  12288:ACrnoS0SkBEkazsG2sBpAY9QxLmpl2Ofe8KFFU0H/42fG31oVekukHzIOI8AAf3k:3CA+4pAYnKFFVH/01ytYf8Amse/edoa
Score

10^/10

darkcomet isrstealer bot persistence rat stealer trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1

T1004

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ISR Stealer

ISR Stealer payload

Modifies WinLogon for persistence

Executes dropped EXE

UPX packed file

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2