darkcomet

Sharing

Copy URL

Twitter E-mail

General

Target

693d0e75117786c05a23a40915b0440e_JaffaCakes118
Size

4.3MB
Sample

240523-bglsbsfg91
MD5

693d0e75117786c05a23a40915b0440e
SHA1

d1bd566408d49b3cda734d045e3387ee821c4cac
SHA256

4de3c9059ad7bba0d41c6884ecb885638dd0860bc7712f1f6367bb75f4fd2307
SHA512

0c3242360589233a9a3da8158cf85d39ac722732ff90421efeb433d72bdd7538dbe1d42e55bfe093df6d33c04ad686a271e1ce89faeea71cf20fddde015c1269
SSDEEP

98304:xB2fetOSj4J7+NlNbDrfIwAgCRLtu6a6fAQFdClR0EQ+8t:SfrSHNlNbDrffwu6awSLLQ5t

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

A1Client

subdomain-dns.duckdns.org:3725

Mutex

DC_MUTEX-9WL5KMH

Attributes

gencode
F7b2NJbuPvt9
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/IconInjector.dll
- Size
  
  13KB
- MD5
  
  a011c4d9973857b53c6d26bb616ec7db
- SHA1
  
  cabb81130a064bf9ca41047205af18ecd456433c
- SHA256
  
  360b7cb7812529a3902c8adebec8975019454f762200b98ee78213532416f435
- SHA512
  
  e8085290144e6090918c7bbff20e626f6d7812187f778b9c5705e4710ac589e020ba626c09be43156dcacf846f8571e7690e1e3569d704db3067be365833e6e3
- SSDEEP
  
  192:jLCpu5cRy2zdtwsYvCZVzQInlYJL/efvnaDNIDLTHqaf+UJxX+3DrDmWcLc9C:jL+pY25OvCpQdqHnq+LTQUmrDmW98
Score

1^/10
behavioral1 behavioral2
- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Interop.NATUPNPLib.dll
- Size
  
  7KB
- MD5
  
  8a24aa73080b46f93c4c9f3450fe43e5
- SHA1
  
  ed0d8edf55ea6b0d717813fd829e434eb3d63abb
- SHA256
  
  e45f7168be51641d43873f90ff538f9f7557755e911dc23783ff6a4028c30c25
- SHA512
  
  17325bab37fb2a0975ba3e3885a73f235e06f1634124743eca2c2c76e5f2d76fbb751ca8eccecbeef8bb6a9872970e44e6e5847adc54af1cf63dd6f9a5c3b13d
- SSDEEP
  
  96:CFinj09TiY5IxaUsyKY05YgZsXFn6cQkE8g8nIxqG0tVClW:mGEJIrKrYgZsd6wVIiX
Score

1^/10
behavioral3 behavioral4
- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Mono.Cecil.dll
- Size
  
  305KB
- MD5
  
  851ec9d84343fbd089520d420348a902
- SHA1
  
  f8e2a80130058e4db3cf569cf4297d07d05c93e0
- SHA256
  
  cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9
- SHA512
  
  5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1
- SSDEEP
  
  6144:ueMQM/aMOZabe3h1PtRjAqmYVNf3yTXcYBbt6KMBhu:uF/aMDb8BtRjA7XcYNclB
Score

1^/10
behavioral5 behavioral6
- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/NingaliNET Cracked [VersionPremium].exe
- Size
  
  2.9MB
- MD5
  
  451b1dd1b12dbd70f3cf580deae0696d
- SHA1
  
  81024d91d94c302e85455badb21e3a2e4f694eda
- SHA256
  
  ade39b5cb7124f165ed933e8e7f45469aebe1bb85cec8aadff7fee8ae99e499e
- SHA512
  
  7fc86b44a02d47f6b577d93ff81c0ba7239995b2d4f1e02475d963f593d9d2ac6ab451770ab4a7fefc9d440e33eeff494d6274fab66f4033f97bd0bb9a57d802
- SSDEEP
  
  49152:P4+T1crpOB3pVPnBaTOhm5PbQqKpcYeD4K2CqFXBSLlTJcGXDlp/yBFwvP:xT1crpY5zWOEB4qYeSCq2Ll93YFq
Score

10^/10

darkcomet a1client rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral7 behavioral8
- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/NingaliNET [Original].exe
- Size
  
  1.4MB
- MD5
  
  eeda9e3dba1a866465f817af9e7c8212
- SHA1
  
  b78966eb20fdd1c9b4c22c409b2bb9a9a071d680
- SHA256
  
  f656b5b6736911a787fc4f3374ff247cfbcb277c7c2945c9c5c462354fea968c
- SHA512
  
  7a7b008b23d1164cfb851c1dc5aa8545b1a76764c331c41cb7de18647f103ac99b138dd7fad20823c90362e17efa043b5517aa8ba11cb5cf836423ace430eccc
- SSDEEP
  
  12288:Vtop+3x/jgQV7nXM3bFsatCwCUA0s1G9uaumrnmaR1G9218lgrIh1j:Vf3keatCwCsuGEarjmaGg2G
Score

1^/10
behavioral10 behavioral9
- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/Filebinder.bin
- Size
  
  14KB
- MD5
  
  f4c7f8ef90e34c3e9f19d1366db79f03
- SHA1
  
  3ee1d1fafa5444b376c729279939a64a69caa544
- SHA256
  
  3ab5e13d7c560937ec3e1f764fb728bc81d22a177c695507065e09ae12d98894
- SHA512
  
  82246a0b218d2fda14fcb358d5abc58a8d7b3c57cffad22c198f2bfdabc7465848940ef9b6a627a403197bf1a635feb2bec098725f9a2ef91b217f0bb466c78e
- SSDEEP
  
  384:j6FMwWPfLQV42kuGCy4ju7LRB3u0+L6JOCzYcCe:uFHWPfXCEJvzYcCe
Score

1^/10
behavioral11 behavioral12
- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/Server.bin
- Size
  
  150KB
- MD5
  
  8ee6cfa5124a73f0e61d602ea7878863
- SHA1
  
  fbdff1a9009c2df072d74699f97700ccf2356ce7
- SHA256
  
  37df8b661f2ac4bf71ff9ef424de495813468294a4d88d682c45da1333859aa4
- SHA512
  
  da86a1e56e181c03ed7728b0cbbc9c516bdbe130361f2e74364a14d7686e148591dc272c4f5408d3f3f9e1e3d171a32c2af10927f46c0153e1d9b7e0c8997089
- SSDEEP
  
  3072:VLhz+8pIFc/i3bJ1c2kHWuVx1cep3a9xk9knBq:7z+n3bQHWCx1cepK9xJn
Score

1^/10
behavioral13 behavioral14
- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/dlentrypoint.bin
- Size
  
  11KB
- MD5
  
  14960a1079f4ffbfb46f553cfc52ad09
- SHA1
  
  b3d18ffc2b1120d3a58c04d45bd3a404aceb8af3
- SHA256
  
  b047352ca4a417181e493c6f353eba94a0fce9d67507dc0f3d694b49b4fce6ef
- SHA512
  
  2bf999073f35df968d2c9bfc2189dbba163487c7287d1475dde998379bd20969d5140fbff7b6c01f9e7031871342a57ab1b215172bfd15dfac15b025dee0954c
- SSDEEP
  
  192:03WKyDozynM11XvrKclkpZmGnloYk4ONIDLR7fV0ovpptwiA:03WvooMnXvrKcl+y4u+LR7Zxp6iA
Score

1^/10
behavioral15 behavioral16
- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Plugins/dlnormal.bin
- Size
  
  11KB
- MD5
  
  2b53e572879a63aaa6ab032221a24d99
- SHA1
  
  cecfb4dad0d128bc78369aba53839828af223ff1
- SHA256
  
  0e36c6fbbc68953d2702c3d5f84eeb35912ce9a53aadf467f8df60faf51a7f5e
- SHA512
  
  327d26775f38f29f462c8a3a9d921ab0d89cf80527acb2ddd539d0842988f93c2cbf335a865cea893ab2a81915a95683cdfd8033f9a357aacbf0b8d3360e8188
- SSDEEP
  
  192:3d3WKytoFQldQKDFdzG1nvlldKXZmGnloYk46NIDLRKQVuYvpxGBA:N3Wuy7FBGJvl7KJy4q+LRK6lx8A
Score

1^/10
behavioral17 behavioral18
- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/Res/res.exe
- Size
  
  861KB
- MD5
  
  66064dbdb70a5eb15ebf3bf65aba254b
- SHA1
  
  0284fd320f99f62aca800fb1251eff4c31ec4ed7
- SHA256
  
  6a94dbda2dd1edcff2331061d65e1baf09d4861cc7ba590c5ec754f3ac96a795
- SHA512
  
  b05c6c09ae7372c381fba591c3cb13a69a2451b9d38da1a95aac89413d7438083475d06796acb5440cd6ec65b030c9fa6cbdaa0d2fe91a926bae6499c360f17f
- SSDEEP
  
  24576:o0ESdQpglO1CxDyawn27h+9hrlgKQY9SGcZwCdTp:o0RIglO1CuL9VNcaCd9
Score

1^/10
behavioral19 behavioral20
- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/SocketServer.dll
- Size
  
  15KB
- MD5
  
  7f57ffb2f3def9388705e078c05f9818
- SHA1
  
  1632a47a3f5d130d739be02c78cc5a127c2bdde7
- SHA256
  
  1102f0cb41a876632c5c516da1645973867c77f1cf25ab18a705b33d4f7d1d99
- SHA512
  
  c25f300838475482f02d1223fd312d1a6f6d42591af8024e9a00f80e9a02621b74fa368ed8db3da08e59bb6c015b86820de0dc14c45a2db8fdaf3dbc438bdda6
- SSDEEP
  
  384:TdLY3cAoBc+R6V6j5qj1G+LTvYAtKt3rRP:JY36Bc+RzjnA8JrR
Score

1^/10
behavioral21 behavioral22
- Target
  
  NingaliNET-RAT 1.0.2.1/NingaliNET 1.0.2.1/upnp.dll
- Size
  
  11KB
- MD5
  
  ca53e14184fb09ef3294cc4c51e21e04
- SHA1
  
  0917bb5e295c9bd59ad3b0929bf1ad1f08122a86
- SHA256
  
  7a915097caf17b3daa528e90d44972306fdfb0f7b46089b4b6332bfb70dcf1ae
- SHA512
  
  3ee019448aeb0e47ead9395d4edc53573705c95592bb36b26f688e07810f9eab85f551ca8b41048c8e2bea681831dd1d64b368f71023e4d0f423c8632fcb2167
- SSDEEP
  
  192:hKATtBzEToGAnDZVenlYJL/ertIuLROw6OW+Wv:hKEBQc5t9qBzLR2O1Wv
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Drops desktop.ini file(s)

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24