darkcomet | ddcb59fd746f8b3d39a85368b5d95bebfbf01d40cb959fb116b5c36dbac9ebc1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06fb104d2b060e3902255c42040aa8f4_JaffaCakes118
Size

1.0MB
Sample

241001-xh927syekf
MD5

06fb104d2b060e3902255c42040aa8f4
SHA1

1aa7f0f3cc9dcd1c13d2e53bbdf9622703a29b9c
SHA256

ddcb59fd746f8b3d39a85368b5d95bebfbf01d40cb959fb116b5c36dbac9ebc1
SHA512

8f82126f022916e1d97c0497d14a264f1ccee7d154044fa2a70aec4d16cd3add04d714c56a3d787cd5c83da246e18d7f59525afc0da00a679e23b427b56deaf3
SSDEEP

24576:1IbYNQlxYDD4XkZwhgxkjbwXApMp3Hl1x4BYLgyScvbR+vBF:6UNQLYX4qmj4aIXl1QqgyTDR+

Score

10^/10

darkcomet server discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Server

C2

122.173.185.68:1604

59.161.73.173:1604

127.0.0.1:1604

snakepulp.no-ip.org:1604

Mutex

DC_MUTEX-DG42A6T

Attributes

gencode
W6jjX1wse8GT
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  06fb104d2b060e3902255c42040aa8f4_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  06fb104d2b060e3902255c42040aa8f4
- SHA1
  
  1aa7f0f3cc9dcd1c13d2e53bbdf9622703a29b9c
- SHA256
  
  ddcb59fd746f8b3d39a85368b5d95bebfbf01d40cb959fb116b5c36dbac9ebc1
- SHA512
  
  8f82126f022916e1d97c0497d14a264f1ccee7d154044fa2a70aec4d16cd3add04d714c56a3d787cd5c83da246e18d7f59525afc0da00a679e23b427b56deaf3
- SSDEEP
  
  24576:1IbYNQlxYDD4XkZwhgxkjbwXApMp3Hl1x4BYLgyScvbR+vBF:6UNQLYX4qmj4aIXl1QqgyTDR+
Score

10^/10

darkcomet server discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometserverdiscoverypersistencerattrojan

behavioral2

darkcometserverdiscoverypersistencerattrojan