darkcomet | 5ef7d95917b8acf2497ee66f9e3191486e64a4435a2f5706b90596b86ac1e20f | Triage

Sharing

General

Target

aa9ab16925a51b0473614d015cc06ac7_JaffaCakes118
Size

1.3MB
Sample

240819-l9kqva1gmm
MD5

aa9ab16925a51b0473614d015cc06ac7
SHA1

972ff4ecafa5dbf2ff45ab65ffacd57ebb95054b
SHA256

5ef7d95917b8acf2497ee66f9e3191486e64a4435a2f5706b90596b86ac1e20f
SHA512

3634303c707e66a2574a7992c5b4ce52d143f2633d98a15f0df07ec367ffead0a9fff60e28134b292f319982fc395ce5697be327e25f7e659f747fa72d338211
SSDEEP

24576:HhqUJRZRr/RM613O75t4PoRGYB7tc4ownYMenNsztdXHjT9ba0MAlsF:HhqsRFOYPAG4Bc7+3RnOLE8

Score

10^/10

darkcomet ludo discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Ludo

C2

dreamlegendz.no-ip.org:81

Mutex

DC_MUTEX-49L00KE

Attributes

gencode
lCZJxoGdy28A
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  aa9ab16925a51b0473614d015cc06ac7_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  aa9ab16925a51b0473614d015cc06ac7
- SHA1
  
  972ff4ecafa5dbf2ff45ab65ffacd57ebb95054b
- SHA256
  
  5ef7d95917b8acf2497ee66f9e3191486e64a4435a2f5706b90596b86ac1e20f
- SHA512
  
  3634303c707e66a2574a7992c5b4ce52d143f2633d98a15f0df07ec367ffead0a9fff60e28134b292f319982fc395ce5697be327e25f7e659f747fa72d338211
- SSDEEP
  
  24576:HhqUJRZRr/RM613O75t4PoRGYB7tc4ownYMenNsztdXHjT9ba0MAlsF:HhqsRFOYPAG4Bc7+3RnOLE8
Score

10^/10

darkcomet ludo discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometludodiscoverypersistencerattrojan

behavioral2

darkcometludodiscoverypersistencerattrojan