darkcomet | 5b2db86d7ced460a79ddc1668b5135459a03fb60416dfd6c134fec9a570853f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b2db86d7ced460a79ddc1668b5135459a03fb60416dfd6c134fec9a570853f7
Size

1.6MB
Sample

221201-ffkk4aeh83
MD5

322a39f09544686e5f3f8404c8a94bd3
SHA1

bd1fa7f10ac4467c88dd6758bec9e9e8ca667db0
SHA256

5b2db86d7ced460a79ddc1668b5135459a03fb60416dfd6c134fec9a570853f7
SHA512

ffc99dfb3a57e78963f3bae03f1f9d3ef0d701468e00f6b32945d9edce89a6274170c6c8af8673aed7127c0ece1a649fc55a012a8f36cb3704438a2385b8ec9f
SSDEEP

24576:s5EXudrr8uAFOS7j+7IFNO8OtOx0VKvgz0zsTgy9we3hxfa7P+Z8T5ALjXWfXMGF:vXue0yjf8faz+25Xs4GnS

Score

10^/10

darkcomet persistence rat trojan

Malware Config

Targets

- Target
  
  5b2db86d7ced460a79ddc1668b5135459a03fb60416dfd6c134fec9a570853f7
- Size
  
  1.6MB
- MD5
  
  322a39f09544686e5f3f8404c8a94bd3
- SHA1
  
  bd1fa7f10ac4467c88dd6758bec9e9e8ca667db0
- SHA256
  
  5b2db86d7ced460a79ddc1668b5135459a03fb60416dfd6c134fec9a570853f7
- SHA512
  
  ffc99dfb3a57e78963f3bae03f1f9d3ef0d701468e00f6b32945d9edce89a6274170c6c8af8673aed7127c0ece1a649fc55a012a8f36cb3704438a2385b8ec9f
- SSDEEP
  
  24576:s5EXudrr8uAFOS7j+7IFNO8OtOx0VKvgz0zsTgy9we3hxfa7P+Z8T5ALjXWfXMGF:vXue0yjf8faz+25Xs4GnS
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan