darkcomet | e9c66c3cfab15bca74fdfcf7b24faad7c8cc069c1485f8e36e51bb364e315df4 | Triage

Sharing

General

Target

19583a8dcbc9d5ceafc6e782d2c8ad3f_JaffaCakes118
Size

1.2MB
Sample

241006-x1aeas1cqr
MD5

19583a8dcbc9d5ceafc6e782d2c8ad3f
SHA1

db1fdfa3356130a4c0fa18d118db34dcb89e69f4
SHA256

e9c66c3cfab15bca74fdfcf7b24faad7c8cc069c1485f8e36e51bb364e315df4
SHA512

13c20006d932066c23de17f00421c29d7b1d8cc88dcbe4ee914428e55bc3f68d36a01b8f7587b5ca94b7ea630a8c8f88d239c7a41b896593a99a5728ad969c60
SSDEEP

24576:v2O/Gl3TGNX/CqAD34+6ySztK/Si9EhsHkoN9yXG7g6zwm4m53Sb26i:uGNKq+34y/SvhIryW5kFm53Sy7

Score

10^/10

darkcomet extensions discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Extensions

C2

root.s4media.ru:6293

Mutex

DC_MUTEX-327UA0Q

Attributes

gencode
Zyiaac1SB5ik
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  19583a8dcbc9d5ceafc6e782d2c8ad3f_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  19583a8dcbc9d5ceafc6e782d2c8ad3f
- SHA1
  
  db1fdfa3356130a4c0fa18d118db34dcb89e69f4
- SHA256
  
  e9c66c3cfab15bca74fdfcf7b24faad7c8cc069c1485f8e36e51bb364e315df4
- SHA512
  
  13c20006d932066c23de17f00421c29d7b1d8cc88dcbe4ee914428e55bc3f68d36a01b8f7587b5ca94b7ea630a8c8f88d239c7a41b896593a99a5728ad969c60
- SSDEEP
  
  24576:v2O/Gl3TGNX/CqAD34+6ySztK/Si9EhsHkoN9yXG7g6zwm4m53Sb26i:uGNKq+34y/SvhIryW5kFm53Sy7
Score

10^/10

darkcomet extensions discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometextensionsdiscoverypersistencerattrojan

behavioral2

darkcometextensionsdiscoverypersistencerattrojan