darkcomet | 6a22a4de220e4e271f2b9136ce963d1eb86fb2545f83f167de05dea3dca0904f | Triage

Sharing

General

Target

ea18fe0423c75ef98ba67ff5007c4ebe_JaffaCakes118
Size

1.1MB
Sample

240918-2jjc4awhje
MD5

ea18fe0423c75ef98ba67ff5007c4ebe
SHA1

639e898a3bd5ecd30d78f7c7e8893e79229bdfcf
SHA256

6a22a4de220e4e271f2b9136ce963d1eb86fb2545f83f167de05dea3dca0904f
SHA512

2c59ba02c4c19dfef8fe9bcbf00047484673ce8ef879c69245b303740997816f7c3965bb7c9f79d91a737d917a6f4e4fdef6bc6dc974616f7733a46a7e1e267e
SSDEEP

12288:5eyzrb2QQHxrYttm4Cfxa9ViAzKPDXkU9w4gUKdzKxi+2/AalQLZHf01noDPaswM:XDt4uF4Z/5AZJt2oancdh5kIHR6/XNV

Score

10^/10

darkcomet latentbot guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

darkcomet453.zapto.org:1609

Mutex

DC_MUTEX-ZRS9PQR

Attributes

gencode
usGcWAbWklcw
install
false
offline_keylogger
true
password
javaansejongens74
persistence
false

Extracted

Family

latentbot

C2

darkcomet453.zapto.org

Targets

- Target
  
  ea18fe0423c75ef98ba67ff5007c4ebe_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  ea18fe0423c75ef98ba67ff5007c4ebe
- SHA1
  
  639e898a3bd5ecd30d78f7c7e8893e79229bdfcf
- SHA256
  
  6a22a4de220e4e271f2b9136ce963d1eb86fb2545f83f167de05dea3dca0904f
- SHA512
  
  2c59ba02c4c19dfef8fe9bcbf00047484673ce8ef879c69245b303740997816f7c3965bb7c9f79d91a737d917a6f4e4fdef6bc6dc974616f7733a46a7e1e267e
- SSDEEP
  
  12288:5eyzrb2QQHxrYttm4Cfxa9ViAzKPDXkU9w4gUKdzKxi+2/AalQLZHf01noDPaswM:XDt4uF4Z/5AZJt2oancdh5kIHR6/XNV
Score

10^/10

darkcomet latentbot guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotguest16discoverypersistencerattrojan

behavioral2

darkcometlatentbotguest16discoverypersistencerattrojan