darkcomet

General

Target

793cab4421c321b969ce88f22d90752c_JaffaCakes118
Size

1.4MB
Sample

241028-mvd57axcpg
MD5

793cab4421c321b969ce88f22d90752c
SHA1

55b461d66391147bf8f7c0179f7a0b2abed6d9b5
SHA256

b780a8572b59d2eeb633fd896cc4982508aacee23bce257396a80e7ea29b2bc3
SHA512

b02df864c6ec4c7ebede94b3bf31b66b5332f3e8b4ece9600a2b282dec06885965279adbf36b8e08d590cfcb5aeb0e113a273eb4476c5fc86e321c4cb73e4075
SSDEEP

24576:eaHMv6CorjqnyC8flDAgjk6GECzbMpJgCUwJvfoIfaAl3Ein+ozerISUfE:e1vqjdC8tD5jk6/wbMTgCUaoIfaKb+ok

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

testcybergate.zapto.org:3014

Mutex

DC_MUTEX-F48XL4B

Attributes

gencode
EWr2RqlAQCdR
install
false
offline_keylogger
true
persistence
false

Extracted

Family

latentbot

C2

testcybergate.zapto.org

Targets

- Target
  
  793cab4421c321b969ce88f22d90752c_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  793cab4421c321b969ce88f22d90752c
- SHA1
  
  55b461d66391147bf8f7c0179f7a0b2abed6d9b5
- SHA256
  
  b780a8572b59d2eeb633fd896cc4982508aacee23bce257396a80e7ea29b2bc3
- SHA512
  
  b02df864c6ec4c7ebede94b3bf31b66b5332f3e8b4ece9600a2b282dec06885965279adbf36b8e08d590cfcb5aeb0e113a273eb4476c5fc86e321c4cb73e4075
- SSDEEP
  
  24576:eaHMv6CorjqnyC8flDAgjk6GECzbMpJgCUwJvfoIfaAl3Ein+ozerISUfE:e1vqjdC8tD5jk6/wbMTgCUaoIfaKb+ok
Score

10^/10

darkcomet latentbot guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Darkcomet family

LatentBot

Latentbot family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2