darkcomet | d5e88ba5e7751149f6fa84a4d71566c4051b6176095ab0f7e8a4fce6ef6a11ec | Triage

Sharing

General

Target

59c3fa30d3e9d542695592a1f80e67ad_JaffaCakes118
Size

709KB
Sample

241018-25ft4atcja
MD5

59c3fa30d3e9d542695592a1f80e67ad
SHA1

2a65d2e8bdb5e84c42d64e7e67181cfa53554ca0
SHA256

d5e88ba5e7751149f6fa84a4d71566c4051b6176095ab0f7e8a4fce6ef6a11ec
SHA512

db769c8f4473f91a1b596d90ee6151d7fff0c4d90cbca12cc8d2bc2176441704da4674671f91646e34c4f28d96b33b1c0ccbf594a21314418fa1f30a8a63cbd1
SSDEEP

12288:3shOpw7EzATP/8uKONAgon+Ne3b4eo08uTx05Dn+YE1RK84dpE7OU0Z1nSIR3Qc:3shODsTXKONAB+e4e19vY8K8eE7OU0ZU

Score

10^/10

darkcomet a asept 01 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

A Asept 01

C2

metafunn2.no-ip.biz:1332

Mutex

DC_MUTEX-6AMDZDL

Attributes

gencode
c6tH54LB6sTc
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  59c3fa30d3e9d542695592a1f80e67ad_JaffaCakes118
- Size
  
  709KB
- MD5
  
  59c3fa30d3e9d542695592a1f80e67ad
- SHA1
  
  2a65d2e8bdb5e84c42d64e7e67181cfa53554ca0
- SHA256
  
  d5e88ba5e7751149f6fa84a4d71566c4051b6176095ab0f7e8a4fce6ef6a11ec
- SHA512
  
  db769c8f4473f91a1b596d90ee6151d7fff0c4d90cbca12cc8d2bc2176441704da4674671f91646e34c4f28d96b33b1c0ccbf594a21314418fa1f30a8a63cbd1
- SSDEEP
  
  12288:3shOpw7EzATP/8uKONAgon+Ne3b4eo08uTx05Dn+YE1RK84dpE7OU0Z1nSIR3Qc:3shODsTXKONAB+e4e19vY8K8eE7OU0ZU
Score

10^/10

darkcomet a asept 01 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometa asept 01discoverypersistencerattrojan

behavioral2

darkcometa asept 01discoverypersistencerattrojan