darkcomet | 828097748102f6c55488752e28d5d4ecf88e23ce64d781db6864e4d0b26e521b | Triage

Sharing

General

Target

658b5619a4fa44e43cffbdd72a2b558a_JaffaCakes118
Size

658KB
Sample

240522-bz81ksgb76
MD5

658b5619a4fa44e43cffbdd72a2b558a
SHA1

083244d2f0fb60b98beff689a9ad50a24be70895
SHA256

828097748102f6c55488752e28d5d4ecf88e23ce64d781db6864e4d0b26e521b
SHA512

671840914b71c7db6b01404112495f5ff741e31b7cbc027ba56411e504ee8a4b545b6b15b386fbfa86a483182e37840bdc89222dcc54d3159eb11b06131bbd01
SSDEEP

12288:O9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFy:aiBIGkbxqEcjsWiDxguehC2Sp

Score

10^/10

darkcomet guest16 evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

andrewhack.ddns.net:1604

Mutex

DC_MUTEX-B87KPWJ

Attributes

gencode
PJAJatPmpqA4
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  658b5619a4fa44e43cffbdd72a2b558a_JaffaCakes118
- Size
  
  658KB
- MD5
  
  658b5619a4fa44e43cffbdd72a2b558a
- SHA1
  
  083244d2f0fb60b98beff689a9ad50a24be70895
- SHA256
  
  828097748102f6c55488752e28d5d4ecf88e23ce64d781db6864e4d0b26e521b
- SHA512
  
  671840914b71c7db6b01404112495f5ff741e31b7cbc027ba56411e504ee8a4b545b6b15b386fbfa86a483182e37840bdc89222dcc54d3159eb11b06131bbd01
- SSDEEP
  
  12288:O9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFy:aiBIGkbxqEcjsWiDxguehC2Sp
Score

10^/10

darkcomet guest16 evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16evasionrattrojan

behavioral2

darkcometguest16evasionrattrojan