darkcomet | f9897e02140a1dde25cc256ddecc4fcec61ed0508d02363915991b04ad18864c | Triage

Submit
Reports

Overview

overview

Static

static

3

0158424a03...18.exe

windows7-x64

0158424a03...18.exe

windows10-2004-x64

3

Sharing

General

Target

0158424a037a0bd2a0c5439e536f0cf4_JaffaCakes118
Size

266KB
Sample

240622-fglvjssgjp
MD5

0158424a037a0bd2a0c5439e536f0cf4
SHA1

52f4524da2c2671a7fab60c9b7eee28d6a610ad2
SHA256

f9897e02140a1dde25cc256ddecc4fcec61ed0508d02363915991b04ad18864c
SHA512

ae0083d29bb1220b61499c687a93433e2aa41708559a981a0e4dc7fbd7fee02381c8d9695928913a5fce406b25b4a3803ecddb3ff73315e236e4a6b5b7613d68
SSDEEP

6144:iAx4WRoA0L4kQLqOZ84AfWOhzNS3LZTROMyxSO8PduuNYh:L4WRnkQ2FDfBZS3VFygO8Psuy

Score

10^/10

darkcomet guest16_min persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0158424a037a0bd2a0c5439e536f0cf4_JaffaCakes118.exe

Resource

win7-20240508-en

darkcomet guest16_min persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

0158424a037a0bd2a0c5439e536f0cf4_JaffaCakes118.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-ZAMZ4GW

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
cdTYrpKBMlsf
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  0158424a037a0bd2a0c5439e536f0cf4_JaffaCakes118
- Size
  
  266KB
- MD5
  
  0158424a037a0bd2a0c5439e536f0cf4
- SHA1
  
  52f4524da2c2671a7fab60c9b7eee28d6a610ad2
- SHA256
  
  f9897e02140a1dde25cc256ddecc4fcec61ed0508d02363915991b04ad18864c
- SHA512
  
  ae0083d29bb1220b61499c687a93433e2aa41708559a981a0e4dc7fbd7fee02381c8d9695928913a5fce406b25b4a3803ecddb3ff73315e236e4a6b5b7613d68
- SSDEEP
  
  6144:iAx4WRoA0L4kQLqOZ84AfWOhzNS3LZTROMyxSO8PduuNYh:L4WRnkQ2FDfBZS3VFygO8Psuy
Score

10^/10

darkcomet guest16_min persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16_minpersistencerattrojanupx

behavioral2

© 2018-2024

Terms | Privacy