darkcomet | 166c477928d3f10104edbb3a44e7922567c70a8bf58f51a76fa971fd2ad8194c | Triage

Sharing

General

Target

JaffaCakes118_6b5228408867c1a250c177ce49489273
Size

850KB
Sample

250103-j6a15avray
MD5

6b5228408867c1a250c177ce49489273
SHA1

a1ad3579cb3666025008484d288b23c5907db80a
SHA256

166c477928d3f10104edbb3a44e7922567c70a8bf58f51a76fa971fd2ad8194c
SHA512

66843e1a618b9908448124bdc6c9b930c5435fa2929186ea613c859d3b4b243e35d4a5b96beb6af348740793159d5ee1d17493142d05f8bd75133365a3d74aed
SSDEEP

24576:OnukqBdH2BuGCZg/vBcOAJaaktmSqvv/IOuAT:m4KBBCgvAJHktmS8vQOuA

Score

10^/10

darkcomet guest16 discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

6.tcp.ngrok.io:10371

Mutex

DC_MUTEX-VHZPBK5

Attributes

gencode
iXnzmGbAY8jT
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  JaffaCakes118_6b5228408867c1a250c177ce49489273
- Size
  
  850KB
- MD5
  
  6b5228408867c1a250c177ce49489273
- SHA1
  
  a1ad3579cb3666025008484d288b23c5907db80a
- SHA256
  
  166c477928d3f10104edbb3a44e7922567c70a8bf58f51a76fa971fd2ad8194c
- SHA512
  
  66843e1a618b9908448124bdc6c9b930c5435fa2929186ea613c859d3b4b243e35d4a5b96beb6af348740793159d5ee1d17493142d05f8bd75133365a3d74aed
- SSDEEP
  
  24576:OnukqBdH2BuGCZg/vBcOAJaaktmSqvv/IOuAT:m4KBBCgvAJHktmS8vQOuA
Score

10^/10

darkcomet guest16 discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryevasionrattrojan

behavioral2

darkcometguest16discoveryevasionrattrojan