darkcomet | 1dae4315cb8643e99e9d8fd908d09bcc90d72753ac0678b79f012388d0fb07c7 | Triage

Sharing

General

Target

c30305376703231413e1ce49b4b5f9da_JaffaCakes118
Size

1.2MB
Sample

240826-pt4qkatfkg
MD5

c30305376703231413e1ce49b4b5f9da
SHA1

b6d521817310336a99d891df1966dc0326384352
SHA256

1dae4315cb8643e99e9d8fd908d09bcc90d72753ac0678b79f012388d0fb07c7
SHA512

aa282c07fd9e4876f796064e226be059b1caeadc4905bbbd7625d1a71f17b9131a9614e2dd9e336d8b59022e322650b7cca4b78a4e47e5c4063e2be8c8aa6861
SSDEEP

24576:7M8/F06+lzHBIiDJS6wkfHi/vm93i7P+d18nDTcwxkXAhvHe:PFzIHpi29ya1gcwdQ

Score

10^/10

darkcomet latentbot malakas discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Malakas

C2

freskoskato.zapto.org:3030

Mutex

DCMIN_MUTEX-WKAQQJ6

Attributes

gencode
x6lGBwQztFAB
install
false
offline_keylogger
true
persistence
false

Extracted

Family

latentbot

C2

freskoskato.zapto.org

Targets

- Target
  
  c30305376703231413e1ce49b4b5f9da_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  c30305376703231413e1ce49b4b5f9da
- SHA1
  
  b6d521817310336a99d891df1966dc0326384352
- SHA256
  
  1dae4315cb8643e99e9d8fd908d09bcc90d72753ac0678b79f012388d0fb07c7
- SHA512
  
  aa282c07fd9e4876f796064e226be059b1caeadc4905bbbd7625d1a71f17b9131a9614e2dd9e336d8b59022e322650b7cca4b78a4e47e5c4063e2be8c8aa6861
- SSDEEP
  
  24576:7M8/F06+lzHBIiDJS6wkfHi/vm93i7P+d18nDTcwxkXAhvHe:PFzIHpi29ya1gcwdQ
Score

10^/10

darkcomet latentbot malakas discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotmalakasdiscoverypersistencerattrojan

behavioral2

darkcometlatentbotmalakasdiscoverypersistencerattrojan