darkcomet | 227aad47efdb70e05e55129fc1f755f57ef5bccd62ef29371a91979313b9ccdc | Triage

Sharing

General

Target

JaffaCakes118_644b895cc3bc1c8db5d638534b657960
Size

756KB
Sample

250102-l31tgszkhk
MD5

644b895cc3bc1c8db5d638534b657960
SHA1

7d69bf123b503dd00fb5f6ba352f553fdc5154a0
SHA256

227aad47efdb70e05e55129fc1f755f57ef5bccd62ef29371a91979313b9ccdc
SHA512

5ac45d8d980e22bce9f25e7b708de34c677712c3fe49fa2fd118cf0263449e02061b30986bae0083870be6538c173e1ffc81ab87769504e49ffc5e22807529b9
SSDEEP

12288:u9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/huFIIhIIo:6Z1xuVVjfFoynPaVBUR8f+kN10EB3

Score

10^/10

darkcomet guest16 discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-9AZJ7BF

Attributes

gencode
J9uBSGkV1jEC
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  JaffaCakes118_644b895cc3bc1c8db5d638534b657960
- Size
  
  756KB
- MD5
  
  644b895cc3bc1c8db5d638534b657960
- SHA1
  
  7d69bf123b503dd00fb5f6ba352f553fdc5154a0
- SHA256
  
  227aad47efdb70e05e55129fc1f755f57ef5bccd62ef29371a91979313b9ccdc
- SHA512
  
  5ac45d8d980e22bce9f25e7b708de34c677712c3fe49fa2fd118cf0263449e02061b30986bae0083870be6538c173e1ffc81ab87769504e49ffc5e22807529b9
- SSDEEP
  
  12288:u9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/huFIIhIIo:6Z1xuVVjfFoynPaVBUR8f+kN10EB3
Score

10^/10

darkcomet guest16 discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16discoveryevasionrattrojan

behavioral2

darkcometguest16discoveryevasionrattrojan