darkcomet | 916cc328fc7cbef3a566267f37145ae0a60568108c0960e93f87d7448475f69c | Triage

Sharing

General

Target

a99d77243ea9f567c49d556fa4c3f916_JaffaCakes118
Size

721KB
Sample

241127-zr8xlsznhy
MD5

a99d77243ea9f567c49d556fa4c3f916
SHA1

376ede553fa9a0ebbcf7b3855602e643e74b179c
SHA256

916cc328fc7cbef3a566267f37145ae0a60568108c0960e93f87d7448475f69c
SHA512

1bfb249850b7325cf6afe63e85134917731f5c28394b5839b394f147c0b4f7595d03e7a4d52a9180e211533d55a1d77ea6ceca0d8fb9b6b7c4eddca80b751e23
SSDEEP

12288:1egRJeugJm952LBXcru+kLbUbHNLWt3Jpgbp5xKMqVcru+4:1e3uggaL6yXMMp45VqVcru+

Score

10^/10

darkcomet guest16 discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

ratratrat.no-ip.biz:1604

Mutex

DC_MUTEX-YZZA1V9

Attributes

gencode
kNwFWVc6WGww
install
false
offline_keylogger
true
password
0123456789
persistence
false

Targets

- Target
  
  a99d77243ea9f567c49d556fa4c3f916_JaffaCakes118
- Size
  
  721KB
- MD5
  
  a99d77243ea9f567c49d556fa4c3f916
- SHA1
  
  376ede553fa9a0ebbcf7b3855602e643e74b179c
- SHA256
  
  916cc328fc7cbef3a566267f37145ae0a60568108c0960e93f87d7448475f69c
- SHA512
  
  1bfb249850b7325cf6afe63e85134917731f5c28394b5839b394f147c0b4f7595d03e7a4d52a9180e211533d55a1d77ea6ceca0d8fb9b6b7c4eddca80b751e23
- SSDEEP
  
  12288:1egRJeugJm952LBXcru+kLbUbHNLWt3Jpgbp5xKMqVcru+4:1e3uggaL6yXMMp45VqVcru+
Score

10^/10

darkcomet guest16 discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryevasionrattrojan

behavioral2

darkcometguest16discoveryevasionrattrojan