darkcomet | a6c57a312f7268759455cf5a598493127cf8346ad931cf87d02d73ce1f3ae4b3 | Triage

Sharing

General

Target

ab8d4909e57445a8336fbb8d47a8b53e_JaffaCakes118
Size

1.3MB
Sample

240819-swbpcavhpn
MD5

ab8d4909e57445a8336fbb8d47a8b53e
SHA1

8bc076f9367c6e7675357cca7510e35d81d34cd0
SHA256

a6c57a312f7268759455cf5a598493127cf8346ad931cf87d02d73ce1f3ae4b3
SHA512

23d8296410a67d5dbf394c865312060c02c74e49691d4c3037e8c436f9ced6cac82fc16129a008bab2ca54cc59f17b4f183a4505160274d8b10d6d03f5e1c98a
SSDEEP

24576:sTGCHOQ5J/0fJSFNa9fYhsahiyKiEEdOlI/b2Gs104JfoMPXxAe7w788zFDgjT:oGgkJSFNifWUyGlSbdz4fjT

Score

10^/10

darkcomet latentbot svz discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

svz

C2

cenivarbofo.zapto.org:2222

Mutex

DC_MUTEX-NKKENEC

Attributes

gencode
mfmi136e3CLc
install
false
offline_keylogger
false
persistence
false

Extracted

Family

latentbot

C2

cenivarbofo.zapto.org

Targets

- Target
  
  ab8d4909e57445a8336fbb8d47a8b53e_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  ab8d4909e57445a8336fbb8d47a8b53e
- SHA1
  
  8bc076f9367c6e7675357cca7510e35d81d34cd0
- SHA256
  
  a6c57a312f7268759455cf5a598493127cf8346ad931cf87d02d73ce1f3ae4b3
- SHA512
  
  23d8296410a67d5dbf394c865312060c02c74e49691d4c3037e8c436f9ced6cac82fc16129a008bab2ca54cc59f17b4f183a4505160274d8b10d6d03f5e1c98a
- SSDEEP
  
  24576:sTGCHOQ5J/0fJSFNa9fYhsahiyKiEEdOlI/b2Gs104JfoMPXxAe7w788zFDgjT:oGgkJSFNifWUyGlSbdz4fjT
Score

10^/10

darkcomet latentbot svz discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotsvzdiscoverypersistencerattrojan

behavioral2

darkcometlatentbotsvzdiscoverypersistencerattrojan