darkcomet | 4237b668cc59f27a70cecb52f798b8d571742d9ffe5e7a1087614e6a8fe97bbe | Triage

Sharing

General

Target

1194f5446cf83a998dd3c5a6b20adf52_JaffaCakes118
Size

724KB
Sample

241004-dmp32s1dqm
MD5

1194f5446cf83a998dd3c5a6b20adf52
SHA1

dd0da335292c065e9f70151a9427cbe1c9cced96
SHA256

4237b668cc59f27a70cecb52f798b8d571742d9ffe5e7a1087614e6a8fe97bbe
SHA512

ebb1426ff4e89a5f8fdd2571de3dfbc831f4124e290a239aacc82ce530a19ab340bd92272b26ebefa7d11705553655f7726f08bc91e79e02af10820c30606b22
SSDEEP

12288:h2WJVCX0PjEUljKfg6+T99AhlWTq/IgPGsHXnzvLbLfw8X:hnJVfjEKjKh+T0hldIghXzvTf/

Score

10^/10

darkcomet guest16_min discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

reportablebugs.no-ip.biz:789

Mutex

DCMIN_MUTEX-9U5NSKF

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
HPaUy0bmUuDd
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  1194f5446cf83a998dd3c5a6b20adf52_JaffaCakes118
- Size
  
  724KB
- MD5
  
  1194f5446cf83a998dd3c5a6b20adf52
- SHA1
  
  dd0da335292c065e9f70151a9427cbe1c9cced96
- SHA256
  
  4237b668cc59f27a70cecb52f798b8d571742d9ffe5e7a1087614e6a8fe97bbe
- SHA512
  
  ebb1426ff4e89a5f8fdd2571de3dfbc831f4124e290a239aacc82ce530a19ab340bd92272b26ebefa7d11705553655f7726f08bc91e79e02af10820c30606b22
- SSDEEP
  
  12288:h2WJVCX0PjEUljKfg6+T99AhlWTq/IgPGsHXnzvLbLfw8X:hnJVfjEKjKh+T0hldIghXzvTf/
Score

10^/10

darkcomet guest16_min discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_mindiscoverypersistencerattrojan

behavioral2

darkcometguest16_mindiscoverypersistencerattrojan