darkcomet | ef620704c613700230068fdebce73e5c02bf55eab3c769f254dae8e836bb2e81 | Triage

Resubmissions

15-10-2024 10:58

241015-m21yjazhpc 10

15-10-2024 08:02

241015-jxggjstckd 10

Sharing

General

Target

46a164b4d55bc0ce86a0eb8d1f0bf0ab_JaffaCakes118
Size

1.5MB
Sample

241015-m21yjazhpc
MD5

46a164b4d55bc0ce86a0eb8d1f0bf0ab
SHA1

ec07a7fb5cb84172a23df4dbc1859e986731c2ca
SHA256

ef620704c613700230068fdebce73e5c02bf55eab3c769f254dae8e836bb2e81
SHA512

166ccc1541e263803ed1d44fbdb839bdff4d2d590e1ece918c7d1ee53e234ff01e71ffdc7253535f63751de933c74034e79dce5a893c0ef2a172fd8d63cf9cef
SSDEEP

12288:4ejq8CtSp/MqZRWxriTLOucGXyjmrDNZnwAvYmSev2dJryCTW8H/uufTJC16BcjJ:ZRWdHmRIluk5lqqvx8zbqGEac1Ty

Score

10^/10

darkcomet 10101010101010 discovery persistence rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

10101010101010

C2

pcbe.no-ip.org:82

Mutex

DC_MUTEX-63SE6T6

Attributes

InstallPath
MSDCSC\msdjcsc.exe
gencode
kzwtgw276UwL
install
true
offline_keylogger
true
password
12345678
persistence
true
reg_key
StartUp

Targets

- Target
  
  46a164b4d55bc0ce86a0eb8d1f0bf0ab_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  46a164b4d55bc0ce86a0eb8d1f0bf0ab
- SHA1
  
  ec07a7fb5cb84172a23df4dbc1859e986731c2ca
- SHA256
  
  ef620704c613700230068fdebce73e5c02bf55eab3c769f254dae8e836bb2e81
- SHA512
  
  166ccc1541e263803ed1d44fbdb839bdff4d2d590e1ece918c7d1ee53e234ff01e71ffdc7253535f63751de933c74034e79dce5a893c0ef2a172fd8d63cf9cef
- SSDEEP
  
  12288:4ejq8CtSp/MqZRWxriTLOucGXyjmrDNZnwAvYmSev2dJryCTW8H/uufTJC16BcjJ:ZRWdHmRIluk5lqqvx8zbqGEac1Ty
Score

10^/10

darkcomet 10101010101010 discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomet10101010101010discoverypersistencerattrojanupx