darkcomet | 3a2aa960cb8e94359f7f24bc993e383c4cc26d8d4f34df77d4a26c74f69c4c13 | Triage

Sharing

General

Target

3a2aa960cb8e94359f7f24bc993e383c4cc26d8d4f34df77d4a26c74f69c4c13
Size

682KB
Sample

221128-xvp8kadh3t
MD5

12641af0a6d3c52982b1ebc092f2e49b
SHA1

2387dacabec566dff2492bad1dc0034189d4d9b0
SHA256

3a2aa960cb8e94359f7f24bc993e383c4cc26d8d4f34df77d4a26c74f69c4c13
SHA512

12368ed421bf7d06694a3a679161d6f4152182730ff2f4adc07940067f1eae8e721da67a3206c4d23c39de5008594d04e5804db040aee8870fa8717dd68e8728
SSDEEP

12288:u9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFkM:6iBIGkbxqEcjsWiDxguehC2SK

Score

10^/10

darkcomet hack persistence

Malware Config

Extracted

Family

darkcomet

Botnet

HACK

C2

qun.no-ip.biz:1604

inzhi.no-ip.biz:1604

Mutex

DC_MUTEX-6PNZJY7

Attributes

InstallPath
AppDate\Local
gencode
qRacPhkHU88Y
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  3a2aa960cb8e94359f7f24bc993e383c4cc26d8d4f34df77d4a26c74f69c4c13
- Size
  
  682KB
- MD5
  
  12641af0a6d3c52982b1ebc092f2e49b
- SHA1
  
  2387dacabec566dff2492bad1dc0034189d4d9b0
- SHA256
  
  3a2aa960cb8e94359f7f24bc993e383c4cc26d8d4f34df77d4a26c74f69c4c13
- SHA512
  
  12368ed421bf7d06694a3a679161d6f4152182730ff2f4adc07940067f1eae8e721da67a3206c4d23c39de5008594d04e5804db040aee8870fa8717dd68e8728
- SSDEEP
  
  12288:u9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFkM:6iBIGkbxqEcjsWiDxguehC2SK
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2