darkcomet | 2746393bac3d91352de667262c740964ba3b4a36481bf1c229bcdf16ae804eb1 | Triage

Sharing

General

Target

JaffaCakes118_6c9cd2ac3054887bb594424d4869cfda
Size

542KB
Sample

250103-pl1zpswphr
MD5

6c9cd2ac3054887bb594424d4869cfda
SHA1

7973c8d27ba2a38f80261fb99b988d608986e0c0
SHA256

2746393bac3d91352de667262c740964ba3b4a36481bf1c229bcdf16ae804eb1
SHA512

1cb6b4b1d3959ab1d4834f50b2974e624190986d18b77cfdcfcdf4f884e1fec61dd64e67335917319ccf534184eb73877b7e7f21c43c527dbda262f43ff439e0
SSDEEP

12288:IPtk6jP8Gw9OHhBZtqliSdBb2cFQfK0rKQ:IPtkUx8OBiiSdBbmf7K

Score

10^/10

darkcomet guest16_min discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

rawaz.no-ip.biz:1604

Mutex

DCMIN_MUTEX-05QLF3E

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
nKzbvZtX7gLR
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  JaffaCakes118_6c9cd2ac3054887bb594424d4869cfda
- Size
  
  542KB
- MD5
  
  6c9cd2ac3054887bb594424d4869cfda
- SHA1
  
  7973c8d27ba2a38f80261fb99b988d608986e0c0
- SHA256
  
  2746393bac3d91352de667262c740964ba3b4a36481bf1c229bcdf16ae804eb1
- SHA512
  
  1cb6b4b1d3959ab1d4834f50b2974e624190986d18b77cfdcfcdf4f884e1fec61dd64e67335917319ccf534184eb73877b7e7f21c43c527dbda262f43ff439e0
- SSDEEP
  
  12288:IPtk6jP8Gw9OHhBZtqliSdBb2cFQfK0rKQ:IPtkUx8OBiiSdBbmf7K
Score

10^/10

darkcomet guest16_min discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_mindiscoverypersistencerattrojan

behavioral2

darkcometguest16_mindiscoverypersistencerattrojan