darkcomet | 5d271089ff6c13203578bfadb766ab8e5fdba62286b0b5e2e49c8afec3a0a57b | Triage

Sharing

General

Target

JaffaCakes118_65d0e2f6e383e4707c0a1fff936cff20
Size

752KB
Sample

250102-rz7erayjcn
MD5

65d0e2f6e383e4707c0a1fff936cff20
SHA1

b7b626d4cf6019affe1bdc2a0a34bb36db501a09
SHA256

5d271089ff6c13203578bfadb766ab8e5fdba62286b0b5e2e49c8afec3a0a57b
SHA512

44786b30bb295b05ffb9faaa30672e3f0c8bd79b63c41c12129e39ce1018c34ac1e270c6f3a11196bc485a3283d8efbb7442ea1bcd55f2855931135c2e8c1978
SSDEEP

12288:XJKzhtpGxWkF1czht1G0WBLw3KLNzZBJQoZqdugoQzkxE9c3j9HHxp1+:XJKzMZuzht1G0WxVthZMlorEa3j9n

Score

10^/10

darkcomet bt real discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

BT Real

C2

prokwen.no-ip.org:100

darkcometx.no-ip.biz:100

127.0.0.1:100

Mutex

DC_MUTEX-4RGBBVE

Attributes

gencode
pdn1D7zQzeYg
install
false
offline_keylogger
true
password
6439330
persistence
false

Targets

- Target
  
  JaffaCakes118_65d0e2f6e383e4707c0a1fff936cff20
- Size
  
  752KB
- MD5
  
  65d0e2f6e383e4707c0a1fff936cff20
- SHA1
  
  b7b626d4cf6019affe1bdc2a0a34bb36db501a09
- SHA256
  
  5d271089ff6c13203578bfadb766ab8e5fdba62286b0b5e2e49c8afec3a0a57b
- SHA512
  
  44786b30bb295b05ffb9faaa30672e3f0c8bd79b63c41c12129e39ce1018c34ac1e270c6f3a11196bc485a3283d8efbb7442ea1bcd55f2855931135c2e8c1978
- SSDEEP
  
  12288:XJKzhtpGxWkF1czht1G0WBLw3KLNzZBJQoZqdugoQzkxE9c3j9HHxp1+:XJKzMZuzht1G0WxVthZMlorEa3j9n
Score

10^/10

darkcomet bt real discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometbt realdiscoverypersistencerattrojan

behavioral2

darkcometbt realdiscoverypersistencerattrojan