darkcomet | 277b29da75be667b87ac5d2dd2ce45c8f1dc38a0ac463241de05ce57705d4e65 | Triage

Sharing

General

Target

3a7500df5571bc8ae1108afb529ec14b_JaffaCakes118
Size

658KB
Sample

240512-q8z7csce53
MD5

3a7500df5571bc8ae1108afb529ec14b
SHA1

454cbc5921a1336f1e8692779246130ce4857a86
SHA256

277b29da75be667b87ac5d2dd2ce45c8f1dc38a0ac463241de05ce57705d4e65
SHA512

0c61e651597ae4bbc4f2ac44f69f5591172d5af81f2c17c01631dea19f035b9a2dfd45af2975b61308900c4efe0a3c72bee695c9f4fc63d8b6485ff447a77b63
SSDEEP

12288:O9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFH:aiBIGkbxqEcjsWiDxguehC2SM

Score

10^/10

darkcomet guest16_min persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

192.168.111.135:1604

Mutex

DCMIN_MUTEX-4HS8P8W

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
zq8KQvyl6gUC
install
true
offline_keylogger
true
persistence
false
reg_key
RobloxHack

Targets

- Target
  
  3a7500df5571bc8ae1108afb529ec14b_JaffaCakes118
- Size
  
  658KB
- MD5
  
  3a7500df5571bc8ae1108afb529ec14b
- SHA1
  
  454cbc5921a1336f1e8692779246130ce4857a86
- SHA256
  
  277b29da75be667b87ac5d2dd2ce45c8f1dc38a0ac463241de05ce57705d4e65
- SHA512
  
  0c61e651597ae4bbc4f2ac44f69f5591172d5af81f2c17c01631dea19f035b9a2dfd45af2975b61308900c4efe0a3c72bee695c9f4fc63d8b6485ff447a77b63
- SSDEEP
  
  12288:O9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFH:aiBIGkbxqEcjsWiDxguehC2SM
Score

10^/10

darkcomet guest16_min persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16_mindarkcomet

behavioral1

darkcometguest16_minpersistencerattrojan

behavioral2

darkcometguest16_minpersistencerattrojan