darkcomet | a54374fbebdd89c10f55d3321a0d926f8631a1cb126598e9a502604c8031eafd | Triage

Sharing

General

Target

gang.exe
Size

658KB
Sample

241117-d5ltcavkaq
MD5

e7bd8408dd2f953a075215d62009b98f
SHA1

830c1f58cbd35b7dbcbc955ae4bcdb3d753c7f4c
SHA256

a54374fbebdd89c10f55d3321a0d926f8631a1cb126598e9a502604c8031eafd
SHA512

8dc8af946d701452bc0467725067616b7962024ec694be3b1d67c3e1ed07487c5dec3e168a2c76008c65d7769688548c86a2895af3cb176d044fed8820375ea1
SSDEEP

12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hW:eZ1xuVVjfFoynPaVBUR8f+kN10EBQ

Score

10^/10

darkcomet guest16_min discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-SLWCWZC

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
plL1zEd99z7k
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  gang.exe
- Size
  
  658KB
- MD5
  
  e7bd8408dd2f953a075215d62009b98f
- SHA1
  
  830c1f58cbd35b7dbcbc955ae4bcdb3d753c7f4c
- SHA256
  
  a54374fbebdd89c10f55d3321a0d926f8631a1cb126598e9a502604c8031eafd
- SHA512
  
  8dc8af946d701452bc0467725067616b7962024ec694be3b1d67c3e1ed07487c5dec3e168a2c76008c65d7769688548c86a2895af3cb176d044fed8820375ea1
- SSDEEP
  
  12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hW:eZ1xuVVjfFoynPaVBUR8f+kN10EBQ
Score

10^/10

darkcomet guest16_min discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16_mindarkcomet

behavioral1

darkcometguest16_mindiscoverypersistencerattrojan