darkcomet | 511c2164990ee3d37cd456adc3f45807bf6206a58505479acffd0d4c9a5671f7 | Triage

Sharing

General

Target

acd426055b1c58e8f322993bfafd16b0_JaffaCakes118
Size

368KB
Sample

240819-2c7gcayhja
MD5

acd426055b1c58e8f322993bfafd16b0
SHA1

fbbd25fefb8dff81d6ba2d017b8ec311f291f10b
SHA256

511c2164990ee3d37cd456adc3f45807bf6206a58505479acffd0d4c9a5671f7
SHA512

d08b199fd0563647b33639d1c3086759044ee1010c0eb6e9e1821dd51943e6199dd165adfe82af39b53d014b3e9867b928742eb4cb01d12940ddcb46a054e6b4
SSDEEP

6144:jX6GsHrzGkmp/7ap1XSDgROePpdqf+wUFsVGv4cQFXxnO+KxDy:LrsLzMp/7aphSkxpAfhkO1hKy

Score

10^/10

darkcomet guest16 discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

aniss1.no-ip.biz:82

Mutex

DC_MUTEX-N60MKLN

Attributes

gencode
DPgy4ZqsndoU
install
false
offline_keylogger
true
password
123
persistence
false

Targets

- Target
  
  acd426055b1c58e8f322993bfafd16b0_JaffaCakes118
- Size
  
  368KB
- MD5
  
  acd426055b1c58e8f322993bfafd16b0
- SHA1
  
  fbbd25fefb8dff81d6ba2d017b8ec311f291f10b
- SHA256
  
  511c2164990ee3d37cd456adc3f45807bf6206a58505479acffd0d4c9a5671f7
- SHA512
  
  d08b199fd0563647b33639d1c3086759044ee1010c0eb6e9e1821dd51943e6199dd165adfe82af39b53d014b3e9867b928742eb4cb01d12940ddcb46a054e6b4
- SSDEEP
  
  6144:jX6GsHrzGkmp/7ap1XSDgROePpdqf+wUFsVGv4cQFXxnO+KxDy:LrsLzMp/7aphSkxpAfhkO1hKy
Score

10^/10

darkcomet guest16 discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Windows security bypass
  evasion trojan
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryevasionrattrojan

behavioral2

darkcometguest16discoveryevasionrattrojan