darkcomet | 4b5b3bcf64bf987609edccc18ac229d0d77885433c509dc77e75720654180f09 | Triage

Sharing

General

Target

JaffaCakes118_6175fb4ce25460dbcaa710d318bd8220
Size

658KB
Sample

250102-aep7astrck
MD5

6175fb4ce25460dbcaa710d318bd8220
SHA1

8439e1e22da15221b0f853c49ec835e341d632f2
SHA256

4b5b3bcf64bf987609edccc18ac229d0d77885433c509dc77e75720654180f09
SHA512

31f4f7c81ea924cc48ca76dfadcc78eddd08947058a94528d9acca6e572bcf68a074a523df7d9daf89611027668037a37951727d65c05108108a7c8953f41cd0
SSDEEP

12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hX:eZ1xuVVjfFoynPaVBUR8f+kN10EBd

Score

10^/10

darkcomet guest16_min discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

hani12345.zapto.org:1604

Mutex

DCMIN_MUTEX-MM0CEU6

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
cD076TjWElhu
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  JaffaCakes118_6175fb4ce25460dbcaa710d318bd8220
- Size
  
  658KB
- MD5
  
  6175fb4ce25460dbcaa710d318bd8220
- SHA1
  
  8439e1e22da15221b0f853c49ec835e341d632f2
- SHA256
  
  4b5b3bcf64bf987609edccc18ac229d0d77885433c509dc77e75720654180f09
- SHA512
  
  31f4f7c81ea924cc48ca76dfadcc78eddd08947058a94528d9acca6e572bcf68a074a523df7d9daf89611027668037a37951727d65c05108108a7c8953f41cd0
- SSDEEP
  
  12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hX:eZ1xuVVjfFoynPaVBUR8f+kN10EBd
Score

10^/10

darkcomet guest16_min discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16_mindarkcomet

behavioral1

darkcometguest16_mindiscoverypersistencerattrojan

behavioral2

darkcometguest16_mindiscoverypersistencerattrojan