darkcomet | ad756688fd4a1fbe4edb0f982213818544f4b962d50543a85e6ba8da88be9a60 | Triage

Sharing

General

Target

ad756688fd4a1fbe4edb0f982213818544f4b962d50543a85e6ba8da88be9a60
Size

970KB
Sample

221201-yazryagg41
MD5

888e2ff3d438e24c124f34ee8de2052e
SHA1

a873698e0f13d70bfaf4b8b7021d3dca48302b2a
SHA256

ad756688fd4a1fbe4edb0f982213818544f4b962d50543a85e6ba8da88be9a60
SHA512

1283a679c6ee1b872b8b600c928846923707623ca8489143b50c6aa2f25cf5d0aa51c400c1d8264d044cb47fa500b46240da3c394d739ca2fb5ee4932e5c2a75
SSDEEP

24576:obbVYk0jqnKXkecg7Xocte+7snYdXwZwj:obbwzUsrGWj

Score

10^/10

darkcomet dc persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

DC

C2

WalruusHOST.NO-IP.biz:200

Mutex

DC_MUTEX-0HZFGFD

Attributes

gencode
pynuhxnShyEp
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  ad756688fd4a1fbe4edb0f982213818544f4b962d50543a85e6ba8da88be9a60
- Size
  
  970KB
- MD5
  
  888e2ff3d438e24c124f34ee8de2052e
- SHA1
  
  a873698e0f13d70bfaf4b8b7021d3dca48302b2a
- SHA256
  
  ad756688fd4a1fbe4edb0f982213818544f4b962d50543a85e6ba8da88be9a60
- SHA512
  
  1283a679c6ee1b872b8b600c928846923707623ca8489143b50c6aa2f25cf5d0aa51c400c1d8264d044cb47fa500b46240da3c394d739ca2fb5ee4932e5c2a75
- SSDEEP
  
  24576:obbVYk0jqnKXkecg7Xocte+7snYdXwZwj:obbwzUsrGWj
Score

10^/10

darkcomet dc persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdcpersistencerattrojan

behavioral2

darkcometdcpersistencerattrojan