darkcomet | 78ec95ad336c405b74650812006a55c89dc257c282d3a58c4b5ed6d6a0a55591 | Triage

Sharing

General

Target

4fa10e70f53a9947787d5e5928e03622_JaffaCakes118
Size

756KB
Sample

241016-3kzbdashjn
MD5

4fa10e70f53a9947787d5e5928e03622
SHA1

285cfbe91413c36b4eac407c89e60972e1e66ff8
SHA256

78ec95ad336c405b74650812006a55c89dc257c282d3a58c4b5ed6d6a0a55591
SHA512

d14bcab7125733f5159a3e09b713fd65c7bfd69e0d7986a169353474f1d36a94a767b4d185ec2e34e93c2d3206236a30cc27ba5fdb93da4332c3c9f9c14866aa
SSDEEP

12288:m1yx8RerZSqe4fjTp/HfZ0JEbl2W8fWcabKyfYDq8x9KXwTv4VLetbO7ZaJTKtzp:qyx8Rerf3Xp/vcfWcabKH7x9KAj4VL6c

Score

10^/10

darkcomet vitime yt discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Vitime YT

C2

88.163.214.79:81

Mutex

DC_MUTEX-1RSV4NZ

Attributes

gencode
Fk2TxcHZRhyL
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  4fa10e70f53a9947787d5e5928e03622_JaffaCakes118
- Size
  
  756KB
- MD5
  
  4fa10e70f53a9947787d5e5928e03622
- SHA1
  
  285cfbe91413c36b4eac407c89e60972e1e66ff8
- SHA256
  
  78ec95ad336c405b74650812006a55c89dc257c282d3a58c4b5ed6d6a0a55591
- SHA512
  
  d14bcab7125733f5159a3e09b713fd65c7bfd69e0d7986a169353474f1d36a94a767b4d185ec2e34e93c2d3206236a30cc27ba5fdb93da4332c3c9f9c14866aa
- SSDEEP
  
  12288:m1yx8RerZSqe4fjTp/HfZ0JEbl2W8fWcabKyfYDq8x9KXwTv4VLetbO7ZaJTKtzp:qyx8Rerf3Xp/vcfWcabKH7x9KAj4VL6c
Score

10^/10

darkcomet vitime yt discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometvitime ytdiscoverypersistencerattrojan

behavioral2

darkcometvitime ytdiscoverypersistencerattrojan