darkcomet | 64ea99edbcd0043f4224688f6fbb0216c4495dd1dfed553eae3fcdc75c97f963 | Triage

Sharing

General

Target

f96e1bf66b8130410009d9385fb1d4b2_JaffaCakes118
Size

1.5MB
Sample

240419-ea2rragg5y
MD5

f96e1bf66b8130410009d9385fb1d4b2
SHA1

07c00813f7acc4385b8e560e3e225bc8428f6318
SHA256

64ea99edbcd0043f4224688f6fbb0216c4495dd1dfed553eae3fcdc75c97f963
SHA512

3d883743614fcf11b4f3514d73166fe80f6c5df0c45feb8d05d3ab8ad51fb77dccb5e6b2bbe13bfa62e8e946873196ae62bcd9aed60b2c2c6b4b2037b9cad7ed
SSDEEP

24576:8HhKD9sk9ovoFZVA/+JH6REiH5BdDbKZU6P23tDkqDGNbw6OT:/9dDJaRNHbdDB24DkPN

Score

10^/10

darkcomet guest16 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-BJPQTYY

Attributes

InstallPath
PDF_ChallanList_1_21_2016 12_00_00 AM
gencode
clubUqWbr20Q
install
true
offline_keylogger
true
password
0123456789
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  f96e1bf66b8130410009d9385fb1d4b2_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  f96e1bf66b8130410009d9385fb1d4b2
- SHA1
  
  07c00813f7acc4385b8e560e3e225bc8428f6318
- SHA256
  
  64ea99edbcd0043f4224688f6fbb0216c4495dd1dfed553eae3fcdc75c97f963
- SHA512
  
  3d883743614fcf11b4f3514d73166fe80f6c5df0c45feb8d05d3ab8ad51fb77dccb5e6b2bbe13bfa62e8e946873196ae62bcd9aed60b2c2c6b4b2037b9cad7ed
- SSDEEP
  
  24576:8HhKD9sk9ovoFZVA/+JH6REiH5BdDbKZU6P23tDkqDGNbw6OT:/9dDJaRNHbdDB24DkPN
Score

10^/10

darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16persistencerattrojan

behavioral2

darkcometguest16persistencerattrojan