darkcomet | af4048b256fb48626dd0f0858ffef4ad4170a1731ae56fca2d738e5608453c0d | Triage

Sharing

General

Target

af4048b256fb48626dd0f0858ffef4ad4170a1731ae56fca2d738e5608453c0d
Size

1.1MB
Sample

221130-3a5qeahc3s
MD5

3c3be3a92a306aea6b5f52169fec5365
SHA1

36027259a050261515b044c96a4f064190673928
SHA256

af4048b256fb48626dd0f0858ffef4ad4170a1731ae56fca2d738e5608453c0d
SHA512

7ccce9ee4be7935f179ccdcd868f750859325f1dd264aaadcd92dc177adb19ab11cf49ce4c03313338cdaf1944d2aada186b4abfc848fc160de9585919486012
SSDEEP

12288:FqvB6Jnhszpu3Z+1X7QSxD4SsXgOiGK86mPUxwta2JhAGROLmDqgTsgFF8dgY+jy:e7UwXMG/GK2U+42gLqWzgFXzbRXKncl

Score

10^/10

darkcomet persistence rat trojan

Malware Config

Targets

- Target
  
  af4048b256fb48626dd0f0858ffef4ad4170a1731ae56fca2d738e5608453c0d
- Size
  
  1.1MB
- MD5
  
  3c3be3a92a306aea6b5f52169fec5365
- SHA1
  
  36027259a050261515b044c96a4f064190673928
- SHA256
  
  af4048b256fb48626dd0f0858ffef4ad4170a1731ae56fca2d738e5608453c0d
- SHA512
  
  7ccce9ee4be7935f179ccdcd868f750859325f1dd264aaadcd92dc177adb19ab11cf49ce4c03313338cdaf1944d2aada186b4abfc848fc160de9585919486012
- SSDEEP
  
  12288:FqvB6Jnhszpu3Z+1X7QSxD4SsXgOiGK86mPUxwta2JhAGROLmDqgTsgFF8dgY+jy:e7UwXMG/GK2U+42gLqWzgFXzbRXKncl
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan