darkcomet | fb9f876bc4e91df2cf44027af5897da38f646f25e1652857674c9a69b2beb04e | Triage

Sharing

General

Target

salam.zip
Size

11.9MB
Sample

240806-m5ymks1fnh
MD5

87973080c4af4599633d7f9f05316762
SHA1

3240fa549d25a32b5f0368073ab80d5e97672cbc
SHA256

fb9f876bc4e91df2cf44027af5897da38f646f25e1652857674c9a69b2beb04e
SHA512

a3ba15cbe1020a24d384acb601f22cb8b0134bdab3bef3d875c1d90343b906a6d4eb92b725a0d0bbd016cb474ccd091b48cc5c2d5abec43d6c8385fbc7e62ccc
SSDEEP

196608:zTDdNelq9wnJrOo5gPOaeXNH3flTrLl+DpZ5pfju/w9kGO6NmFkch2vd7NiP+9/h:zv6q+n1D5+OaedPlTF+VZ5pLuY9ko8CJ

Score

10^/10

darkcomet mal-track discovery persistence pyinstaller rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

mal-track

C2

127.0.0.1:1010

Mutex

DCMIN_MUTEX-NLY9NFG

Attributes

InstallPath
maltrack\maltrack.exe
gencode
Z6mh6RQnzK2e
install
true
offline_keylogger
true
persistence
false
reg_key
Mal-Track

Targets

- Target
  
  salam.zip
- Size
  
  11.9MB
- MD5
  
  87973080c4af4599633d7f9f05316762
- SHA1
  
  3240fa549d25a32b5f0368073ab80d5e97672cbc
- SHA256
  
  fb9f876bc4e91df2cf44027af5897da38f646f25e1652857674c9a69b2beb04e
- SHA512
  
  a3ba15cbe1020a24d384acb601f22cb8b0134bdab3bef3d875c1d90343b906a6d4eb92b725a0d0bbd016cb474ccd091b48cc5c2d5abec43d6c8385fbc7e62ccc
- SSDEEP
  
  196608:zTDdNelq9wnJrOo5gPOaeXNH3flTrLl+DpZ5pfju/w9kGO6NmFkch2vd7NiP+9/h:zv6q+n1D5+OaedPlTF+VZ5pLuY9ko8CJ
Score

10^/10

darkcomet mal-track discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pyinstallermal-trackdarkcomet

behavioral1

darkcometmal-trackdiscoverypersistencerattrojan

behavioral2