darkcomet | 90dca261cdf62cf57388f0ec53862f52177fcd89cd258caf57f738659f617e13 | Triage

Sharing

General

Target

8d791801fa078e4e1e806d295da56aa4_JaffaCakes118
Size

735KB
Sample

240812-f177wsxcjr
MD5

8d791801fa078e4e1e806d295da56aa4
SHA1

4aaaee757b6e9d07d511c951ede98e86c2344595
SHA256

90dca261cdf62cf57388f0ec53862f52177fcd89cd258caf57f738659f617e13
SHA512

9534fc3e1a98c7eb95af43ecd7d26c9831c7c325b81269c44257fcb27fd309b996717affd7cf884eb6771fd65d0db1a63a91cd4b659414dd77b9136b5c8ada03
SSDEEP

12288:vXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Up:fnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JZ

Score

10^/10

darkcomet latentbot guest16 discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

hoangduybmbm.zapto.org:4567

Mutex

DC_MUTEX-AHH4VSD

Attributes

gencode
Hqj5MNYoQxF1
install
false
offline_keylogger
true
persistence
false

Extracted

Family

latentbot

C2

hoangduybmbm.zapto.org

Targets

- Target
  
  8d791801fa078e4e1e806d295da56aa4_JaffaCakes118
- Size
  
  735KB
- MD5
  
  8d791801fa078e4e1e806d295da56aa4
- SHA1
  
  4aaaee757b6e9d07d511c951ede98e86c2344595
- SHA256
  
  90dca261cdf62cf57388f0ec53862f52177fcd89cd258caf57f738659f617e13
- SHA512
  
  9534fc3e1a98c7eb95af43ecd7d26c9831c7c325b81269c44257fcb27fd309b996717affd7cf884eb6771fd65d0db1a63a91cd4b659414dd77b9136b5c8ada03
- SSDEEP
  
  12288:vXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Up:fnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JZ
Score

10^/10

darkcomet latentbot guest16 discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies firewall policy service
  evasion
- Disables Task Manager via registry modification
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometlatentbotguest16discoveryevasionrattrojan

behavioral2

darkcometlatentbotguest16discoveryevasionrattrojan