darkcomet | bdf46f94b451498f3680e952becb43849fab7b685677737d566a474a7c34e78e | Triage

Sharing

General

Target

bdf46f94b451498f3680e952becb43849fab7b685677737d566a474a7c34e78e
Size

519KB
Sample

221203-gvt9hsee3w
MD5

0a576752b14445994e436a13e1d5f010
SHA1

ee7a1f32ac798dfbb11657e20ed240590bf6ef0b
SHA256

bdf46f94b451498f3680e952becb43849fab7b685677737d566a474a7c34e78e
SHA512

704bdf6fb715d4b9579f6331e538c2bcdbea7b3c4541a1736838a632358fcbf3ca4070f6c5840636d3746507b7172332480b8669dbd602ea10662be54947e536
SSDEEP

12288:yiATy7mBkza8SK0Gs1QEqAXIMco0MbW4GkRklOVd4:lATh6ly1zXhcabWuklOb4

Score

10^/10

darkcomet hacked by mrchpap'persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

HaCkeD By mrChpap'

C2

misteryou.zapto.org:1604

Mutex

DC_MUTEX-ZEHUWKF

Attributes

InstallPath
SVCHOST\svchost.exe
gencode
0onH4gcghlfP
install
true
offline_keylogger
true
persistence
true
reg_key
svchost

Targets

- Target
  
  bdf46f94b451498f3680e952becb43849fab7b685677737d566a474a7c34e78e
- Size
  
  519KB
- MD5
  
  0a576752b14445994e436a13e1d5f010
- SHA1
  
  ee7a1f32ac798dfbb11657e20ed240590bf6ef0b
- SHA256
  
  bdf46f94b451498f3680e952becb43849fab7b685677737d566a474a7c34e78e
- SHA512
  
  704bdf6fb715d4b9579f6331e538c2bcdbea7b3c4541a1736838a632358fcbf3ca4070f6c5840636d3746507b7172332480b8669dbd602ea10662be54947e536
- SSDEEP
  
  12288:yiATy7mBkza8SK0Gs1QEqAXIMco0MbW4GkRklOVd4:lATh6ly1zXhcabWuklOb4
Score

10^/10

darkcomet hacked by mrchpap'persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcomethacked by mrchpap'persistencerattrojan

behavioral2

darkcomethacked by mrchpap'persistencerattrojan