darkcomet | 8e1d52e1b4781efea9d7d21db0ce836c98d13ae7201561fd3261da57203208ba | Triage

Sharing

General

Target

JaffaCakes118_8e1d52e1b4781efea9d7d21db0ce836c98d13ae7201561fd3261da57203208ba
Size

7.3MB
Sample

241229-mcaeaayqhm
MD5

d35947bd2a53148c080fe8d12e6b69b7
SHA1

3dc1c384480f537afe27f4e35ccc932b4b056127
SHA256

8e1d52e1b4781efea9d7d21db0ce836c98d13ae7201561fd3261da57203208ba
SHA512

cef0d513ccb7a63c233cb22eab89df192eb174c0ba40f36c05f22651f4c77e210e93e939eeb8a134c6e5c259f3e7b9ed4d6b391740d4aa91e3ac25e2459e09ae
SSDEEP

196608:59nd6bx+7kGc3UYt3Olp/fF6VsvzpvObjVNjJq79Jfcp2s:7+x+YGcEYt+l1fwivzBeVNJq4ws

Score

10^/10

darkcomet wedthings discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

WEDTHINGS

C2

cosrem.ddns.net:2301

cosrem.ddnsgeek.com:2301

cosrem.dyndns.org:2301

Mutex

DC_MUTEX-B22SA3T

Attributes

gencode
0TFfD5Hg0VlW
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  9F17ACC43ACF52F99F6C858E14DA84B6B4C67381687F8FEDFD9B6A21B2AB37B4
- Size
  
  7.3MB
- MD5
  
  7002220c99ce292ae1e868630955d252
- SHA1
  
  6a30dac7b111d836df034b61b0e1e75193685005
- SHA256
  
  9f17acc43acf52f99f6c858e14da84b6b4c67381687f8fedfd9b6a21b2ab37b4
- SHA512
  
  6e71732cc363e3277e42e7a06626dd0909bad6eca065d4f8278bd8c048bc56ec3de533ec2e83efda396d904cda39b4e955ed3ff0d33dd765b8864a3a018b7eee
- SSDEEP
  
  196608:BtonkRNZFa4GEQkyuU3ydnUOjYyO92A2U9:yeOhkpOydPXOb9
Score

10^/10

darkcomet wedthings discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometwedthingsdiscoveryrattrojan

behavioral2

darkcometwedthingsdiscoveryrattrojan