darkcomet | 7611b0f5accd0c96eda06b9607caeb4ecd85c8ae12760afa14017cad39650533 | Triage

Sharing

General

Target

15e2ca373ed5a4e5c3b5445d5c705699_JaffaCakes118
Size

736KB
Sample

241005-destzawang
MD5

15e2ca373ed5a4e5c3b5445d5c705699
SHA1

abfd39f71a93e433b5b5398e5476b1dce3b040b3
SHA256

7611b0f5accd0c96eda06b9607caeb4ecd85c8ae12760afa14017cad39650533
SHA512

b511984d451af5470da9578ff31dd5edae92cf148870db2a76701e06a29700965921497267b9141b40b96ad7f387230bc12895f7a5dd56ee215bc4bc2048d4f2
SSDEEP

12288:5E9kxcwQVYh/mb3X7WPy2lB9JU8JKPiX1DxQJDa9fGAimQF83RlL:5owQC+TX7V2lBXU8YPk1DxQJDamo

Score

10^/10

darkcomet leftover-bot discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Leftover-Bot

C2

eeeeeeeeez.no-ip.biz:3399

Mutex

DC_MUTEX-VH5J4FZ

Attributes

gencode
LMhodUgatoJ1
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  15e2ca373ed5a4e5c3b5445d5c705699_JaffaCakes118
- Size
  
  736KB
- MD5
  
  15e2ca373ed5a4e5c3b5445d5c705699
- SHA1
  
  abfd39f71a93e433b5b5398e5476b1dce3b040b3
- SHA256
  
  7611b0f5accd0c96eda06b9607caeb4ecd85c8ae12760afa14017cad39650533
- SHA512
  
  b511984d451af5470da9578ff31dd5edae92cf148870db2a76701e06a29700965921497267b9141b40b96ad7f387230bc12895f7a5dd56ee215bc4bc2048d4f2
- SSDEEP
  
  12288:5E9kxcwQVYh/mb3X7WPy2lB9JU8JKPiX1DxQJDa9fGAimQF83RlL:5owQC+TX7V2lBXU8YPk1DxQJDamo
Score

10^/10

darkcomet leftover-bot discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometleftover-botdiscoverypersistencerattrojan

behavioral2

darkcometleftover-botdiscoverypersistencerattrojan