darkcomet | 248ca03b232f75911bbc75fa9d2edca2a1e05227557a5b9bc0497156043b0a4e | Triage

Sharing

General

Target

248ca03b232f75911bbc75fa9d2edca2a1e05227557a5b9bc0497156043b0a4e.exe
Size

658KB
Sample

250116-jx5t5s1pgq
MD5

60de5cd87959e72e0245d5e18f523a05
SHA1

4d2c17c245e24f5b8a7e64958adbe0e3b6f7b959
SHA256

248ca03b232f75911bbc75fa9d2edca2a1e05227557a5b9bc0497156043b0a4e
SHA512

1772788d0b22d4c9ea18f9d5d2253b74718f60d315bc0ce668762b276202d69af9add4f8b846f15616429be029dbc5bc6e1b5525950734b7e0d38a5a6cae0f03
SSDEEP

12288:+9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hH:KZ1xuVVjfFoynPaVBUR8f+kN10EB9

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

aytugay123.duckdns.org:63

Mutex

DC_MUTEX-HAPDWK7

Attributes

InstallPath
Windows Updater
gencode
Ztwp6aCBwPiM
install
true
offline_keylogger
true
persistence
false
reg_key
CS:GO

Targets

- Target
  
  248ca03b232f75911bbc75fa9d2edca2a1e05227557a5b9bc0497156043b0a4e.exe
- Size
  
  658KB
- MD5
  
  60de5cd87959e72e0245d5e18f523a05
- SHA1
  
  4d2c17c245e24f5b8a7e64958adbe0e3b6f7b959
- SHA256
  
  248ca03b232f75911bbc75fa9d2edca2a1e05227557a5b9bc0497156043b0a4e
- SHA512
  
  1772788d0b22d4c9ea18f9d5d2253b74718f60d315bc0ce668762b276202d69af9add4f8b846f15616429be029dbc5bc6e1b5525950734b7e0d38a5a6cae0f03
- SSDEEP
  
  12288:+9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hH:KZ1xuVVjfFoynPaVBUR8f+kN10EB9
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan