darkcomet | e1263cb3be07c995a401f0330cf9ed5c1ac312399a250a8415dd64ad465ddac0 | Triage

Sharing

General

Target

5799c36ef14b2d929c07091d02035afa_JaffaCakes118
Size

1.3MB
Sample

241018-qcs36sybjh
MD5

5799c36ef14b2d929c07091d02035afa
SHA1

067d24dc4551b16018eb331ed7c9825f7d53baf5
SHA256

e1263cb3be07c995a401f0330cf9ed5c1ac312399a250a8415dd64ad465ddac0
SHA512

5571a35c68936ced6d38162184fc2c36bc91671ddaf43cb6cb17c1176cb214cc9aaa671097b326d99112d13025ee486d6c3e978b5dfaba08480b10118b658937
SSDEEP

24576:qg4LWJQyPxbhsJg4LWJQyPxbhsNZ1xuVVjfFoynPaVBUR8f+kN10EB4:qg4LWJQihsJg4LWJQihsXQDgok30J

Score

10^/10

darkcomet vittoom discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

vittoom

C2

46.185.199.66:120 �

Mutex

DC_MUTEX-YA8CEL4

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
QRzaFt0Etgit
install
true
offline_keylogger
true
persistence
true
reg_key
��

Targets

- Target
  
  5799c36ef14b2d929c07091d02035afa_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  5799c36ef14b2d929c07091d02035afa
- SHA1
  
  067d24dc4551b16018eb331ed7c9825f7d53baf5
- SHA256
  
  e1263cb3be07c995a401f0330cf9ed5c1ac312399a250a8415dd64ad465ddac0
- SHA512
  
  5571a35c68936ced6d38162184fc2c36bc91671ddaf43cb6cb17c1176cb214cc9aaa671097b326d99112d13025ee486d6c3e978b5dfaba08480b10118b658937
- SSDEEP
  
  24576:qg4LWJQyPxbhsJg4LWJQyPxbhsNZ1xuVVjfFoynPaVBUR8f+kN10EB4:qg4LWJQihsJg4LWJQihsXQDgok30J
Score

10^/10

darkcomet vittoom discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometvittoomdiscoverypersistencerattrojan

behavioral2