darkcomet | 825034af80c22c76d6cab1c71433cd66d73fb777125d4541aebba4a9a738e5e3 | Triage

Sharing

General

Target

00b4508c912632a94e412cda51899c74_JaffaCakes118
Size

891KB
Sample

240426-n1ymfsba99
MD5

00b4508c912632a94e412cda51899c74
SHA1

92d770176192283fc313060da3aa64ab4f3fb0ce
SHA256

825034af80c22c76d6cab1c71433cd66d73fb777125d4541aebba4a9a738e5e3
SHA512

af0fe8cdea6cef68a6f5e47627779fc2079c7ddf73a94a5ee74472a9ad6a52cad13068d5fc0d7cbd076812270f33fd60cf8dc844af49927b381b310f61e4ce7b
SSDEEP

12288:k9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hZYoa1sQDt:oZ1xuVVjfFoynPaVBUR8f+kN10EBnno

Score

10^/10

darkcomet guest16 evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

90.211.217.77:1604

Mutex

DC_MUTEX-PUCAX1M

Attributes

gencode
v0xzhQ2SiLAX
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  00b4508c912632a94e412cda51899c74_JaffaCakes118
- Size
  
  891KB
- MD5
  
  00b4508c912632a94e412cda51899c74
- SHA1
  
  92d770176192283fc313060da3aa64ab4f3fb0ce
- SHA256
  
  825034af80c22c76d6cab1c71433cd66d73fb777125d4541aebba4a9a738e5e3
- SHA512
  
  af0fe8cdea6cef68a6f5e47627779fc2079c7ddf73a94a5ee74472a9ad6a52cad13068d5fc0d7cbd076812270f33fd60cf8dc844af49927b381b310f61e4ce7b
- SSDEEP
  
  12288:k9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hZYoa1sQDt:oZ1xuVVjfFoynPaVBUR8f+kN10EBnno
Score

10^/10

darkcomet guest16 evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16evasionrattrojan

behavioral2

darkcometguest16evasionrattrojan