General

  • Target

    f03f4eec551892fd56cd50faefe098c3_JaffaCakes118

  • Size

    758KB

  • Sample

    240415-egfsvsge2z

  • MD5

    f03f4eec551892fd56cd50faefe098c3

  • SHA1

    661a0acbd9d94e8a915e59e922af36022a3d8898

  • SHA256

    d8d95587173077265b251ef2ad7d0682a229ad227b5878d3d9dd9a638eef9841

  • SHA512

    7b6acfc53f86b281cb2e841c1ec3f851c2b4e7b30358ec29740076d1b888bb531e35ad6465be026cee4a2fac38632609f62b60afc323f355e2ab73ce47db9c59

  • SSDEEP

    12288:yXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uy:8nAw2WWeFcfbP9VPSPMTSPL/rWvzq4Ji

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

andrey222.hopto.org:1604

Mutex

DC_MUTEX-TUY6P8V

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    YWgrDFvxt48B

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Target

      f03f4eec551892fd56cd50faefe098c3_JaffaCakes118

    • Size

      758KB

    • MD5

      f03f4eec551892fd56cd50faefe098c3

    • SHA1

      661a0acbd9d94e8a915e59e922af36022a3d8898

    • SHA256

      d8d95587173077265b251ef2ad7d0682a229ad227b5878d3d9dd9a638eef9841

    • SHA512

      7b6acfc53f86b281cb2e841c1ec3f851c2b4e7b30358ec29740076d1b888bb531e35ad6465be026cee4a2fac38632609f62b60afc323f355e2ab73ce47db9c59

    • SSDEEP

      12288:yXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uy:8nAw2WWeFcfbP9VPSPMTSPL/rWvzq4Ji

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
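The extracted configuration and the behaviour signatures above give a concrete host-hunting checklist: the C2 hostname and port, the mutex, the install path MSDCSC\msdcsc.exe, the Run value MicroUpdate, and a Winlogon modification. The following Python is an added example, not part of the sandbox report, that turns those indicators into checks run over constructed Sysmon-style key=value log lines (the log lines, the victim path and the 203.0.113.10 address are made up for illustration). Two things in it go beyond what the page states and are labelled as assumptions: the Winlogon change is treated as an addition to the UserInit value, which is how DarkComet persistence is commonly observed, and the generic DC_MUTEX- prefix and port 1604 (the family default) are scored as lower-confidence family indicators rather than sample-specific ones.

```python
"""Hunt for this sample's DarkComet indicators in host telemetry.

Added example, not part of the sandbox report. IOC values are taken from the
report's Malware Config; the log lines below are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators copied from the extracted config above.
IOCS = {
    "c2_host": "andrey222.hopto.org",
    "c2_port": "1604",                  # also DarkComet's default port
    "mutex": "DC_MUTEX-TUY6P8V",
    "install_path": r"MSDCSC\msdcsc.exe",
    "run_value": "MicroUpdate",
}

RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Assumption: the "Modifies WinLogon for persistence" signature refers to the
# UserInit value; a clean value contains only the stock userinit.exe.
WINLOGON_USERINIT = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit"
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"


@dataclass(frozen=True)
class Hit:
    behaviour: str
    indicator: str
    confidence: str


def parse_event(line: str) -> dict[str, str]:
    """Parse a Sysmon-style 'Key=Value Key=Value' line (values may contain spaces)."""
    return dict(re.findall(r"(\w+)=(.*?)(?= \w+=|$)", line))


def check_event(ev: dict[str, str]) -> list[Hit]:
    """Return every indicator from the extracted config that this event matches."""
    hits: list[Hit] = []
    et = ev.get("EventType", "")
    if et == "DnsQuery" and ev.get("QueryName", "").lower() == IOCS["c2_host"]:
        hits.append(Hit("C2 resolution", IOCS["c2_host"], "high"))
    if et == "NetworkConnect" and ev.get("DestinationPort") == IOCS["c2_port"]:
        # Port alone is weak evidence: it is the family default, not sample-specific.
        hits.append(Hit("C2 port", f"tcp/{IOCS['c2_port']}", "low"))
    if et == "ProcessCreate" and ev.get("Image", "").lower().endswith(IOCS["install_path"].lower()):
        hits.append(Hit("Executes dropped EXE", ev["Image"], "high"))
    if et == "RegistryValueSet":
        target = ev.get("TargetObject", "").lower()
        details = ev.get("Details", "")
        for key in RUN_KEYS:
            if target == f"{key}\\{IOCS['run_value']}".lower():
                hits.append(Hit("Run key (T1547.001)", details, "high"))
        if target == WINLOGON_USERINIT.lower():
            # Anything besides the stock userinit.exe in UserInit is a helper hijack.
            extra = [p.strip() for p in details.split(",")
                     if p.strip() and p.strip().lower() != STOCK_USERINIT]
            if extra:
                hits.append(Hit("Winlogon UserInit (T1547.004)", ",".join(extra), "high"))
    if et == "MutexCreate":
        name = ev.get("Name", "")
        if name == IOCS["mutex"]:
            hits.append(Hit("Mutex", name, "high"))
        elif name.startswith("DC_MUTEX-"):   # family default prefix with a random suffix
            hits.append(Hit("Mutex (DarkComet prefix)", name, "medium"))
    return hits


def hunt(lines: list[str]) -> list[Hit]:
    """Run the checks over a list of log lines and flatten the hits."""
    return [h for line in lines for h in check_event(parse_event(line))]


# Constructed telemetry: what a host running this sample might log, plus one benign line.
SAMPLE_LOG = [
    r"EventType=DnsQuery QueryName=andrey222.hopto.org",
    r"EventType=NetworkConnect DestinationIp=203.0.113.10 DestinationPort=1604",
    r"EventType=ProcessCreate Image=C:\Users\victim\Documents\MSDCSC\msdcsc.exe",
    r"EventType=RegistryValueSet TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate Details=C:\Users\victim\Documents\MSDCSC\msdcsc.exe",
    r"EventType=RegistryValueSet TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit Details=C:\Windows\system32\userinit.exe,C:\Users\victim\Documents\MSDCSC\msdcsc.exe",
    r"EventType=MutexCreate Name=DC_MUTEX-TUY6P8V",
    r"EventType=ProcessCreate Image=C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"[{hit.confidence:6}] {hit.behaviour}: {hit.indicator}")
```

The exact mutex, hostname, Run value and install path are sample-specific and score high on their own; the DC_MUTEX- prefix and tcp/1604 are family-level and are only worth escalating when they co-occur with one of the high-confidence hits.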

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  • Boot or Logon Autostart Execution, T1547 (2)
    • Registry Run Keys / Startup Folder, T1547.001 (1)
    • Winlogon Helper DLL, T1547.004 (1)

Privilege Escalation
  • Boot or Logon Autostart Execution, T1547 (2)
    • Registry Run Keys / Startup Folder, T1547.001 (1)
    • Winlogon Helper DLL, T1547.004 (1)

Defense Evasion
  • Modify Registry, T1112 (2)

Discovery
  • System Information Discovery, T1082 (1)
