darkcomet | ec15404fe318fe297905fa397d5afa29b23e42b263a79d4d183e0ad96a7c6134 | Triage

Sharing

General

Target

5ca74ee8d91c9dd4d8d4562adcdbab7a_JaffaCakes118
Size

1.0MB
Sample

241019-pst5qswdla
MD5

5ca74ee8d91c9dd4d8d4562adcdbab7a
SHA1

f5b61e9f38db135fbb80d3282474b7f412dd47d4
SHA256

ec15404fe318fe297905fa397d5afa29b23e42b263a79d4d183e0ad96a7c6134
SHA512

80e6ce1713aaf9c35d3166f9f69e54db43665bed5efa592410a53a0d15dbbd60a4a053246cc2f0ff3c7d745cc2aae92db121d7f98dc97ae840b9e20067bec8ea
SSDEEP

24576:WSKwhKrsBtTGhQhJUjxDDnfASXsY3ljgfTeOwjZHe8fAIwgw4lAAx9BhmroA:PGhUqJAfWUfwjZHe8fAIwgw4lAAx9Bhm

Score

10^/10

darkcomet guest final discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest final

C2

indianboyzcam.no-ip.org:245

Mutex

DC_MUTEX-FRUL9BN

Attributes

gencode
wkznNJr3JSML
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  5ca74ee8d91c9dd4d8d4562adcdbab7a_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  5ca74ee8d91c9dd4d8d4562adcdbab7a
- SHA1
  
  f5b61e9f38db135fbb80d3282474b7f412dd47d4
- SHA256
  
  ec15404fe318fe297905fa397d5afa29b23e42b263a79d4d183e0ad96a7c6134
- SHA512
  
  80e6ce1713aaf9c35d3166f9f69e54db43665bed5efa592410a53a0d15dbbd60a4a053246cc2f0ff3c7d745cc2aae92db121d7f98dc97ae840b9e20067bec8ea
- SSDEEP
  
  24576:WSKwhKrsBtTGhQhJUjxDDnfASXsY3ljgfTeOwjZHe8fAIwgw4lAAx9BhmroA:PGhUqJAfWUfwjZHe8fAIwgw4lAAx9Bhm
Score

10^/10

darkcomet guest final discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest finaldiscoverypersistencerattrojan

behavioral2

darkcometguest finaldiscoverypersistencerattrojan