darkcomet | 160a6d0b9f616e36142f6e63b0c465fd19df1dbcbc79bbf44c9e41d3cd547c12 | Triage

Sharing

General

Target

160a6d0b9f616e36142f6e63b0c465fd19df1dbcbc79bbf44c9e41d3cd547c12.exe
Size

885KB
Sample

250108-tgxtpsvnfs
MD5

2b541d5afc616ad7f22b33f454701401
SHA1

ab38bb5e1c8384b801e26aeb522c489f3afed030
SHA256

160a6d0b9f616e36142f6e63b0c465fd19df1dbcbc79bbf44c9e41d3cd547c12
SHA512

5a6356ca7af9663e5db64ff707389d120b41f938e4464aa0f4200b3f2b863f58d6bc9c2b8444e3db6b0864eecec3dc71a64800873f4150509538ec33442efe02
SSDEEP

24576:IgOCK33kZnEvq3Rh4P1998MmYEaucKwlyHn8M1Hj:dOhnmZWU/wOLHj

Score

10^/10

darkcomet yahoo1 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Yahoo1

C2

noonon.zapto.org:1244

hgohos.zapto.org:9531

Mutex

DC_MUTEX-DQRNTQX

Attributes

gencode
RdFkfe7MWLin
install
false
offline_keylogger
false
password
mynopass
persistence
false

Targets

- Target
  
  160a6d0b9f616e36142f6e63b0c465fd19df1dbcbc79bbf44c9e41d3cd547c12.exe
- Size
  
  885KB
- MD5
  
  2b541d5afc616ad7f22b33f454701401
- SHA1
  
  ab38bb5e1c8384b801e26aeb522c489f3afed030
- SHA256
  
  160a6d0b9f616e36142f6e63b0c465fd19df1dbcbc79bbf44c9e41d3cd547c12
- SHA512
  
  5a6356ca7af9663e5db64ff707389d120b41f938e4464aa0f4200b3f2b863f58d6bc9c2b8444e3db6b0864eecec3dc71a64800873f4150509538ec33442efe02
- SSDEEP
  
  24576:IgOCK33kZnEvq3Rh4P1998MmYEaucKwlyHn8M1Hj:dOhnmZWU/wOLHj
Score

10^/10

darkcomet yahoo1 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometyahoo1discoverypersistencerattrojan

behavioral2

darkcometyahoo1discoverypersistencerattrojan