darkcomet | 3178ebb16fffc765f2f69266a92d10f1f996a51e7ed8a27482a9cfebdca0b567 | Triage

Sharing

General

Target

67de7126bce1376edeb487ed34d6892b_JaffaCakes118
Size

450KB
Sample

241021-3kp3psvflp
MD5

67de7126bce1376edeb487ed34d6892b
SHA1

901df5eeeba0d5d6774b646599ea98c430970e4b
SHA256

3178ebb16fffc765f2f69266a92d10f1f996a51e7ed8a27482a9cfebdca0b567
SHA512

236dd13642b3e79396aefb05f40edceb5c599c30d1d2c138193558853fc5cc12d9ad1bc6e13ee42b7ad9ddd38f2f47387aeafd7f616c743274b84d29a56a3b6f
SSDEEP

12288:+MnBsky90bVpotSvGIUTXmxk7wc9d8yDCb:rsky2potS+BTXgVc9dD

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

randomhost1.no-ip.biz:1604

Mutex

DC_MUTEX-XGWDZ9R

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
05XmjuYKW509
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  67de7126bce1376edeb487ed34d6892b_JaffaCakes118
- Size
  
  450KB
- MD5
  
  67de7126bce1376edeb487ed34d6892b
- SHA1
  
  901df5eeeba0d5d6774b646599ea98c430970e4b
- SHA256
  
  3178ebb16fffc765f2f69266a92d10f1f996a51e7ed8a27482a9cfebdca0b567
- SHA512
  
  236dd13642b3e79396aefb05f40edceb5c599c30d1d2c138193558853fc5cc12d9ad1bc6e13ee42b7ad9ddd38f2f47387aeafd7f616c743274b84d29a56a3b6f
- SSDEEP
  
  12288:+MnBsky90bVpotSvGIUTXmxk7wc9d8yDCb:rsky2potS+BTXgVc9dD
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan