darkcomet | 21171f46cfb50dd24fde5c4bf845c310dbe7fa6a270a1e4fd77a02f592c7734d | Triage

Sharing

General

Target

a9ba868779371e1161d9faa291b094b2_JaffaCakes118
Size

353KB
Sample

240819-fxbphswcqf
MD5

a9ba868779371e1161d9faa291b094b2
SHA1

c32125a1163dea6adc0cd6e2ef2a0fc87b107304
SHA256

21171f46cfb50dd24fde5c4bf845c310dbe7fa6a270a1e4fd77a02f592c7734d
SHA512

e376d1fa50bb104b0b964db64bdeb40be7129e7a79c930405d2018af6f56745e5f62b87628c7acfd038ca06f08cc943bce721d3c4b98011695a520de1ecbdcac
SSDEEP

6144:vOE9QWWbCuKNcybHGFc4tJcq/mGSEyUrPD3BRJMSOZr4JXYQHd/:v4ceyrG+48qEEvDJ6lUXL9

Score

10^/10

darkcomet guest16 aspackv2 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

nnns.zapto.org:4433

Mutex

DC_MUTEX-X6WQ1LQ

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
35RPxwGLbfC3
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  a9ba868779371e1161d9faa291b094b2_JaffaCakes118
- Size
  
  353KB
- MD5
  
  a9ba868779371e1161d9faa291b094b2
- SHA1
  
  c32125a1163dea6adc0cd6e2ef2a0fc87b107304
- SHA256
  
  21171f46cfb50dd24fde5c4bf845c310dbe7fa6a270a1e4fd77a02f592c7734d
- SHA512
  
  e376d1fa50bb104b0b964db64bdeb40be7129e7a79c930405d2018af6f56745e5f62b87628c7acfd038ca06f08cc943bce721d3c4b98011695a520de1ecbdcac
- SSDEEP
  
  6144:vOE9QWWbCuKNcybHGFc4tJcq/mGSEyUrPD3BRJMSOZr4JXYQHd/:v4ceyrG+48qEEvDJ6lUXL9
Score

10^/10

darkcomet guest16 aspackv2 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Drops file in Drivers directory
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16aspackv2discoverypersistencerattrojan

behavioral2

darkcometguest16aspackv2discoverypersistencerattrojan