darkcomet | 43b5a19582bf1ecb7d5a97998f4d4fe68854f5800bc9373544d67aa54eaa62ea | Triage

Sharing

General

Target

fae3720e64245eba913ba5d5de5a637c_JaffaCakes118
Size

412KB
Sample

240419-wwm9xsbf88
MD5

fae3720e64245eba913ba5d5de5a637c
SHA1

bc7f68a84e695085a1311ceaf8db9241a6da2345
SHA256

43b5a19582bf1ecb7d5a97998f4d4fe68854f5800bc9373544d67aa54eaa62ea
SHA512

5212fbdbefb90fcfce0679f7220fe0f70c1f9049d3c9ad6dab7d86e7bb2c52283ef135d772bb3b7cc9d7d96e53ae88a02b0a312432998ae56234552bca845eaf
SSDEEP

12288:4hqgXz7Kb0oNAIDKth/iJ+2qtBuCXx9ar:457+b8JuVqX10

Score

10^/10

darkcomet guest16_min persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

tazukibounce.no-ip.info:9678

Mutex

DCMIN_MUTEX-PW6CDLH

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
4a1nDTvXMDlZ
install
true
offline_keylogger
true
persistence
false
reg_key
server

Targets

- Target
  
  fae3720e64245eba913ba5d5de5a637c_JaffaCakes118
- Size
  
  412KB
- MD5
  
  fae3720e64245eba913ba5d5de5a637c
- SHA1
  
  bc7f68a84e695085a1311ceaf8db9241a6da2345
- SHA256
  
  43b5a19582bf1ecb7d5a97998f4d4fe68854f5800bc9373544d67aa54eaa62ea
- SHA512
  
  5212fbdbefb90fcfce0679f7220fe0f70c1f9049d3c9ad6dab7d86e7bb2c52283ef135d772bb3b7cc9d7d96e53ae88a02b0a312432998ae56234552bca845eaf
- SSDEEP
  
  12288:4hqgXz7Kb0oNAIDKth/iJ+2qtBuCXx9ar:457+b8JuVqX10
Score

10^/10

darkcomet guest16_min persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_minpersistencerattrojan

behavioral2

darkcometguest16_minrattrojan