darkcomet | c1e70bd2045de199ae27a22d3fab35002290b8bffb938d8f17cb7a058730e57d | Triage

Sharing

General

Target

c1e70bd2045de199ae27a22d3fab35002290b8bffb938d8f17cb7a058730e57d
Size

744KB
Sample

221201-lzr26sgb44
MD5

ec9b8f4b0af5befd5558ffeb0ecc88a6
SHA1

9bb0f2e8322288ed4e2612496d7de2340dcb5173
SHA256

c1e70bd2045de199ae27a22d3fab35002290b8bffb938d8f17cb7a058730e57d
SHA512

6cd1a68c677ecf120c023ed274cbf12977e86a1e593021964bbae51638b8daa71ee451ab859a7ca521a29f71706892549b1db2440f5f7cf21e0ec104cb4e4137
SSDEEP

12288:z8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixW:QUKoN0bUxgGa/pfBHDb+y1HgZ

Score

10^/10

darkcomet persistence rat trojan

Malware Config

Targets

- Target
  
  c1e70bd2045de199ae27a22d3fab35002290b8bffb938d8f17cb7a058730e57d
- Size
  
  744KB
- MD5
  
  ec9b8f4b0af5befd5558ffeb0ecc88a6
- SHA1
  
  9bb0f2e8322288ed4e2612496d7de2340dcb5173
- SHA256
  
  c1e70bd2045de199ae27a22d3fab35002290b8bffb938d8f17cb7a058730e57d
- SHA512
  
  6cd1a68c677ecf120c023ed274cbf12977e86a1e593021964bbae51638b8daa71ee451ab859a7ca521a29f71706892549b1db2440f5f7cf21e0ec104cb4e4137
- SSDEEP
  
  12288:z8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixW:QUKoN0bUxgGa/pfBHDb+y1HgZ
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2