darkcomet | a0c2bd0d0c66eb5441805931bdecb82cfc6f33f69f55353a593a9f4e668f177b | Triage

Sharing

General

Target

5a7c40ea1654391854e752bed98b84c8_JaffaCakes118
Size

1.9MB
Sample

241019-dc3amashke
MD5

5a7c40ea1654391854e752bed98b84c8
SHA1

e35e3e765803176b63e244a65d6a44f9a479c2b3
SHA256

a0c2bd0d0c66eb5441805931bdecb82cfc6f33f69f55353a593a9f4e668f177b
SHA512

ffa7ab3540c910835dcf1ef44af628cc26ad080dba0ab3b7f754c6dbe6cb2ecc9429efc0b5192b4a2d7c7e77f3fe3c9437c771cbfef491aa28aebeb130a75f4a
SSDEEP

49152:LS+cXI27Fy0onthBc2N5wR7qjpCYCHKQ6jKgn57etetaR:LS+cY2honxc2P+9jqQjvesR

Score

10^/10

darkcomet guest16 discovery evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

24.146.156.183:1604

Mutex

DC_MUTEX-7G8W2E6

Attributes

InstallPath
Install\rundl32.exe
gencode
iD5L57Cx6y9y
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  5a7c40ea1654391854e752bed98b84c8_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  5a7c40ea1654391854e752bed98b84c8
- SHA1
  
  e35e3e765803176b63e244a65d6a44f9a479c2b3
- SHA256
  
  a0c2bd0d0c66eb5441805931bdecb82cfc6f33f69f55353a593a9f4e668f177b
- SHA512
  
  ffa7ab3540c910835dcf1ef44af628cc26ad080dba0ab3b7f754c6dbe6cb2ecc9429efc0b5192b4a2d7c7e77f3fe3c9437c771cbfef491aa28aebeb130a75f4a
- SSDEEP
  
  49152:LS+cXI27Fy0onthBc2N5wR7qjpCYCHKQ6jKgn57etetaR:LS+cY2honxc2P+9jqQjvesR
Score

10^/10

darkcomet guest16 discovery evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryevasionpersistencerattrojan

behavioral2