darkcomet | ce83f23a926ff4356fa39f7ba83d83816896ce9a15da62cf7a8e262e5cafd7ac | Triage

Sharing

General

Target

90b6794962b74f3151d35adc24551127_JaffaCakes118
Size

1.1MB
Sample

241123-z6e8vaxkcw
MD5

90b6794962b74f3151d35adc24551127
SHA1

401828abdd1e79b906450920c6e8975be8f25681
SHA256

ce83f23a926ff4356fa39f7ba83d83816896ce9a15da62cf7a8e262e5cafd7ac
SHA512

91897135d4aa3bcc56f07b1b29851c6bfe60a2418218c32dc7eb4dfc31281a649f7466fde48e789dec6c76b48c65eefb8cf3486bf304fa238d01a19fbb7c6a52
SSDEEP

12288:qXFrzeLNlDwvCdEkyPF6kfSHIaODwIMk13+ahBYNTQsEE0swRhTfCX8hq0QXNYXb:qMvDmTEHw3qKhhoucqMy5ugc+

Score

10^/10

darkcomet gr8 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Gr8

C2

gr8.redirectme.net:3030

gr8.bounceme.net:3030

gr8.3utilities.come:3030

Mutex

DC_MUTEX-NYP0ZXN

Attributes

gencode
5xSpfjB5D01x
install
false
offline_keylogger
true
password
nolongthing
persistence
false

Targets

- Target
  
  90b6794962b74f3151d35adc24551127_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  90b6794962b74f3151d35adc24551127
- SHA1
  
  401828abdd1e79b906450920c6e8975be8f25681
- SHA256
  
  ce83f23a926ff4356fa39f7ba83d83816896ce9a15da62cf7a8e262e5cafd7ac
- SHA512
  
  91897135d4aa3bcc56f07b1b29851c6bfe60a2418218c32dc7eb4dfc31281a649f7466fde48e789dec6c76b48c65eefb8cf3486bf304fa238d01a19fbb7c6a52
- SSDEEP
  
  12288:qXFrzeLNlDwvCdEkyPF6kfSHIaODwIMk13+ahBYNTQsEE0swRhTfCX8hq0QXNYXb:qMvDmTEHw3qKhhoucqMy5ugc+
Score

10^/10

darkcomet gr8 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometgr8discoverypersistencerattrojan

behavioral2

darkcometgr8discoverypersistencerattrojan