darkcomet | b9510200c418c1a8ac8fef360f871b7a865c3d26471fcbce7ee670ea5133e5d0 | Triage

Sharing

General

Target

JaffaCakes118_6ac77758173c895c9a0ece583e8a4881
Size

992KB
Sample

250103-g8kx1asmg1
MD5

6ac77758173c895c9a0ece583e8a4881
SHA1

229817780edb32eb2689cc5b6c21a11a32f47b27
SHA256

b9510200c418c1a8ac8fef360f871b7a865c3d26471fcbce7ee670ea5133e5d0
SHA512

38c10a09d77c707189c84eb8d2b22ae2c5ceaf6898b597254ae4514c0f15452ce7e124b88ff096fc62efe63572b4b024cb8c0f1fb8c8dbf9f1652a9d062d52d4
SSDEEP

24576:taCesO0VIF0cjZJprYGr2yvptr6MAgKJT3/aZ7MLTAQ:tUjbrb5AgQi7M

Score

10^/10

darkcomet temoin discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

TEMOIN

C2

127.0.0.1:81

Mutex

DCMIN_MUTEX-RGRCC9T

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
FsQYR63sfd9G
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  JaffaCakes118_6ac77758173c895c9a0ece583e8a4881
- Size
  
  992KB
- MD5
  
  6ac77758173c895c9a0ece583e8a4881
- SHA1
  
  229817780edb32eb2689cc5b6c21a11a32f47b27
- SHA256
  
  b9510200c418c1a8ac8fef360f871b7a865c3d26471fcbce7ee670ea5133e5d0
- SHA512
  
  38c10a09d77c707189c84eb8d2b22ae2c5ceaf6898b597254ae4514c0f15452ce7e124b88ff096fc62efe63572b4b024cb8c0f1fb8c8dbf9f1652a9d062d52d4
- SSDEEP
  
  24576:taCesO0VIF0cjZJprYGr2yvptr6MAgKJT3/aZ7MLTAQ:tUjbrb5AgQi7M
Score

10^/10

darkcomet temoin discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomettemoindiscoverypersistencerattrojan

behavioral2

darkcomettemoindiscoverypersistencerattrojan