darkcomet | e498daf2dfd6926bcd10b90e403c629d3d31a2a0b23eef87aefad3380346abcb | Triage

Sharing

General

Target

7f193c73e9e15eac6e2ff9f8c71119cf_JaffaCakes118
Size

703KB
Sample

241030-n13leatqep
MD5

7f193c73e9e15eac6e2ff9f8c71119cf
SHA1

d9f3cc3e46a49485e8f16610699a37d83d3cfdd5
SHA256

e498daf2dfd6926bcd10b90e403c629d3d31a2a0b23eef87aefad3380346abcb
SHA512

c7c5b143de7734f42988804cd7d662d9ccd6e1458c902af69670a2744b81abf99e2c187d26cb105c1e6a97a35d0f51e9d1076899c8bf1d796d4e0f6b3adb71bb
SSDEEP

12288:D4Ak0QNlxOnizg37k4LUSd0rv5WvYW5HMzLXj9pqQd7cqESAYi991fA/aV:Do0QpGih4bd0rv5+l5szLXj917cqPu9t

Score

10^/10

darkcomet guest16 discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

192.168.1.4:1604

127.0.0.1:1604

83.80.250.180:1604

Mutex

DC_MUTEX-9WLX7F0

Attributes

gencode
XQa6vNmMlKtQ
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  7f193c73e9e15eac6e2ff9f8c71119cf_JaffaCakes118
- Size
  
  703KB
- MD5
  
  7f193c73e9e15eac6e2ff9f8c71119cf
- SHA1
  
  d9f3cc3e46a49485e8f16610699a37d83d3cfdd5
- SHA256
  
  e498daf2dfd6926bcd10b90e403c629d3d31a2a0b23eef87aefad3380346abcb
- SHA512
  
  c7c5b143de7734f42988804cd7d662d9ccd6e1458c902af69670a2744b81abf99e2c187d26cb105c1e6a97a35d0f51e9d1076899c8bf1d796d4e0f6b3adb71bb
- SSDEEP
  
  12288:D4Ak0QNlxOnizg37k4LUSd0rv5WvYW5HMzLXj9pqQd7cqESAYi991fA/aV:Do0QpGih4bd0rv5+l5szLXj917cqPu9t
Score

10^/10

darkcomet guest16 discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryevasionrattrojan

behavioral2

darkcometguest16discoveryevasionrattrojan