darkcomet | 27094cb748873600fb21148e89ac9a86fab2f17cc0ffad0f44e57ffde474958c | Triage

Sharing

General

Target

f4233030a275747f7d877a783b70786e_JaffaCakes118
Size

991KB
Sample

241215-qba6zawqfq
MD5

f4233030a275747f7d877a783b70786e
SHA1

434b241dfbe8f712d00000c24e4cbbaae5ed7b67
SHA256

27094cb748873600fb21148e89ac9a86fab2f17cc0ffad0f44e57ffde474958c
SHA512

59fd48c26168a45e853f76faf5a3529ae1497dd130512fd99c1a7628a28ef5775e034bf007e692ec1b502c1db98b933c46735f592393ffe0fed4e208057004e0
SSDEEP

24576:0Zv+65mJHeo/7h/dez998Yirk3DkjyLLwRtYuOY4C8GQxOCEaPu:g+658eo/7h/Wn8YCk3Ei0RtYs4Pvu

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

h4ck3d.no-ip.biz:1604

Mutex

DC_MUTEX-U7QW2L5

Attributes

gencode
ZEXXhn2CQy5v
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  pokerhackV2.exe
- Size
  
  1.2MB
- MD5
  
  10088b6ff3ee1aafb4a541cc8782719e
- SHA1
  
  961bfdba4072ef020046f2f8d12140946632ec1d
- SHA256
  
  e3c92b8dc88f341dc0c891935455ab602383c7fdd1fadf6cdad7bbc1940f0eac
- SHA512
  
  f22058d920c671b24c17a7072f018b242cd847aeab34816ae087dade4d4c3c42183658ba5b54ab2b632f22608a4112c0c656f38cc6f56cdfc5df148bc252e0bb
- SSDEEP
  
  24576:+OXundQ410NuvNb0TSQoPHZEWyGVUeu7t0e2dA1tfVsjKecr9yiHaLwa:3X2510NEaM5GTf7VHiw
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Adds policy Run key to start application
  persistence
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  pokerhackdataV2.dll
- Size
  
  247KB
- MD5
  
  3b969717fa91dc6c60ae40ac5e1c7a69
- SHA1
  
  63ef852f6a227e3205a12a1d171ea8ab58874d01
- SHA256
  
  ebd461c8e53f8946eb231a63fa4c98653d4911fed4fee709961ba2407d2b0c91
- SHA512
  
  524e74549f873dcd3878a110f55b6f006d0122bb9453097009a2dc76f24b0e761f55e5766b28ee7e262261ba47ec86353a8a2e77cc4ba539093d2197ccacf2ca
- SSDEEP
  
  3072:D1q4/6n3MtRwImFds0aYw05jt919Al/6HjS/6H6Y/YKvK3jhe6AOfdiSYoxzsld5:D1q4LtRXgvA2qhe6PfA5oaw/hwN
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan

behavioral3

behavioral4