darkcomet | b65247fb0f1e935a404d7d47eaf17eefd6735a53169e7b1f257adeeb6d87790c | Triage

Sharing

General

Target

JaffaCakes118_5173c0fed26d673f4fa37f76566df1c6
Size

856KB
Sample

250101-mfyw2ssjhz
MD5

5173c0fed26d673f4fa37f76566df1c6
SHA1

113aea9fdeb3a36661e3c3ae7c41255a6588cab9
SHA256

b65247fb0f1e935a404d7d47eaf17eefd6735a53169e7b1f257adeeb6d87790c
SHA512

6a26e1d2e046af7ecd12faa0541f788000466c7a4a8adbf20ac6f2f6472857bfe4f9acc98e07e1f5f5d3c17b2cddcf7faad9702cd70e3d4ac8813e741dbe97ec
SSDEEP

24576:ZsngJXxYyVT0ObgVCLkROnVrk9YjD4FzkGs:anGtbLksnxuYn4FK

Score

10^/10

darkcomet guest16 discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

gigidi123.zapto.org:1604

Mutex

DC_MUTEX-5X04J1R

Attributes

gencode
ZRjvSdbRGrVL
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  JaffaCakes118_5173c0fed26d673f4fa37f76566df1c6
- Size
  
  856KB
- MD5
  
  5173c0fed26d673f4fa37f76566df1c6
- SHA1
  
  113aea9fdeb3a36661e3c3ae7c41255a6588cab9
- SHA256
  
  b65247fb0f1e935a404d7d47eaf17eefd6735a53169e7b1f257adeeb6d87790c
- SHA512
  
  6a26e1d2e046af7ecd12faa0541f788000466c7a4a8adbf20ac6f2f6472857bfe4f9acc98e07e1f5f5d3c17b2cddcf7faad9702cd70e3d4ac8813e741dbe97ec
- SSDEEP
  
  24576:ZsngJXxYyVT0ObgVCLkROnVrk9YjD4FzkGs:anGtbLksnxuYn4FK
Score

10^/10

darkcomet guest16 discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryevasionrattrojan

behavioral2

darkcometguest16discoveryevasionrattrojan