darkcomet | hxxps://mega[.]nz/file/ocx3DKyL#jsdaswUWznptm9hz7qSnGPU3Jy9hTlE3aRzrpmNIzxM | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

https://mega.nz/file...

windows11-21h2-x64

Sharing

General

Target

https://mega.nz/file/ocx3DKyL#jsdaswUWznptm9hz7qSnGPU3Jy9hTlE3aRzrpmNIzxM
Sample

240419-b4jw9aec3t

Score

10^/10

darkcomet 2014 persistence rat trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://mega.nz/file/ocx3DKyL#jsdaswUWznptm9hz7qSnGPU3Jy9hTlE3aRzrpmNIzxM

Resource

win11-20240412-en

darkcomet 2014 persistence rat trojan

windows11-21h2-x64

14 signatures

600 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

2014

C2

bluebebe.no-ip.biz:12345

Mutex

DC_MUTEX-MPU5N1Y

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
06nRcZVDGr3l
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  https://mega.nz/file/ocx3DKyL#jsdaswUWznptm9hz7qSnGPU3Jy9hTlE3aRzrpmNIzxM
Score

10^/10

darkcomet 2014 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

darkcomet2014persistencerattrojan

© 2018-2024

Terms | Privacy