darkcomet | dcdb9cc7b04ebeca174b210071f27a6436ed6449820e4b0ea30e54436f3e1fa3 | Triage

Sharing

General

Target

f8b4f6200008726f887cf508ca7fac2d_JaffaCakes118
Size

731KB
Sample

241216-m5wg8aymhp
MD5

f8b4f6200008726f887cf508ca7fac2d
SHA1

42baa94472b942c2ae5376effdb415dc0d3fd41f
SHA256

dcdb9cc7b04ebeca174b210071f27a6436ed6449820e4b0ea30e54436f3e1fa3
SHA512

6fe9c227868ee70be184c351c048e363009753e9229bc28550a21dcf64eafb884bd6000d6d949b2ad5624da27267b5d6f6c2ab534d13f558a5dc1ae14c3fe35f
SSDEEP

12288:aKCPe4gfOZ4fyHd7kGvjnHKe5PzLwBkc5GT1nvpAFs9x7OGlpOG9/ERO6VRewa:/vVmPdN+e5PzL2kc5GThviFAwApOG9/r

Score

10^/10

darkcomet launched11/20 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Launched11/20

C2

hehehe.no-ip.biz:1337

Mutex

DC_MUTEX-B71H07K

Attributes

gencode
3cYLS3WJU30j
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  Diablo3GoldHack.exe
- Size
  
  1.1MB
- MD5
  
  4da04a0babe252f46dc8c9471c659254
- SHA1
  
  a7dff7567ca274dffe6cf2348b188d1e25e626d2
- SHA256
  
  abbb19d66c828cfe60986bcf360dbefd4c207fdaccdecfdffe7bcf19c7525ee7
- SHA512
  
  0dc99e12810778437c1541e1d4bbc6802d5792e76f54f55aeca18a195867a407f8f49e108df9aab0969702970a4909db421a5b38c721c4378e351d7d35e8f444
- SSDEEP
  
  24576:rbrCj9c4WAjqfwfCV0T6fozUM61+PVTWFzsNrYEqyZ:rnCBJu/6efEm+7NrYEqyZ
Score

10^/10

darkcomet launched11/20 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlaunched11/20discoverypersistencerattrojan

behavioral2

darkcometlaunched11/20discoverypersistencerattrojan