darkcomet | 79d397446503a2e9fd1fb8fb23e46bb6e32395eb125784fbe26e40c9a4aca457 | Triage

Sharing

General

Target

c2853415e7b7b07ef7f753a92410b366_JaffaCakes118
Size

504KB
Sample

241204-pnlb2avqcw
MD5

c2853415e7b7b07ef7f753a92410b366
SHA1

0d3177e6c5c9dbaa2d29a3ff6fc263ce6040ad1b
SHA256

79d397446503a2e9fd1fb8fb23e46bb6e32395eb125784fbe26e40c9a4aca457
SHA512

9a63d1046d15d83d6fed7382879ae4e6660b62a73ae1a7f6612557cbfe14fdaed897398f74a897993646fe354a31107c0e7fcab6e46ff1c0641c2f49d8ccae27
SSDEEP

12288:TOt4en7a6V7Ow3MQi4LRy/ciSmK1i3kUaxkyXA59XxPu01H:0/G6xOw3cq98tvlFGUH

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

teamtess.no-ip.biz:25568

Mutex

DC_MUTEX-0TH7XPH

Attributes

gencode
EjbDHwAie215
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  c2853415e7b7b07ef7f753a92410b366_JaffaCakes118
- Size
  
  504KB
- MD5
  
  c2853415e7b7b07ef7f753a92410b366
- SHA1
  
  0d3177e6c5c9dbaa2d29a3ff6fc263ce6040ad1b
- SHA256
  
  79d397446503a2e9fd1fb8fb23e46bb6e32395eb125784fbe26e40c9a4aca457
- SHA512
  
  9a63d1046d15d83d6fed7382879ae4e6660b62a73ae1a7f6612557cbfe14fdaed897398f74a897993646fe354a31107c0e7fcab6e46ff1c0641c2f49d8ccae27
- SSDEEP
  
  12288:TOt4en7a6V7Ow3MQi4LRy/ciSmK1i3kUaxkyXA59XxPu01H:0/G6xOw3cq98tvlFGUH
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan