darkcomet | 585cb28b1341cfe997a0e01fc4c8b2734a4a64462423c33d280bf46481d84129 | Triage

Sharing

General

Target

JaffaCakes118_217158e753ea637b00cf6261dbd12ee7
Size

544KB
Sample

250124-pqsh5aykhx
MD5

217158e753ea637b00cf6261dbd12ee7
SHA1

dec65cef7b36f9fe93cec79c19045076f1283c28
SHA256

585cb28b1341cfe997a0e01fc4c8b2734a4a64462423c33d280bf46481d84129
SHA512

3dd1c089ed494f6849d162dd85a6679e37f4d7417cc044735c6947705d79f4aeff44ecf20f2d10e1c63ae8f994f223cdb5a6ec178d245ec5f0f6b503575b804d
SSDEEP

12288:OXx1mwPwB41nYhOmCa33dtP95ywAPI56n3gB6Xd:OXx1LaWYtCandVbyANAXd

Score

10^/10

darkcomet latentbot guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

shadowisawesome7.zapto.org:200

Mutex

DC_MUTEX-NW25X7N

Attributes

gencode
muDfpm0c3VFM
install
false
offline_keylogger
true
persistence
false

Extracted

Family

latentbot

C2

shadowisawesome7.zapto.org

Targets

- Target
  
  JaffaCakes118_217158e753ea637b00cf6261dbd12ee7
- Size
  
  544KB
- MD5
  
  217158e753ea637b00cf6261dbd12ee7
- SHA1
  
  dec65cef7b36f9fe93cec79c19045076f1283c28
- SHA256
  
  585cb28b1341cfe997a0e01fc4c8b2734a4a64462423c33d280bf46481d84129
- SHA512
  
  3dd1c089ed494f6849d162dd85a6679e37f4d7417cc044735c6947705d79f4aeff44ecf20f2d10e1c63ae8f994f223cdb5a6ec178d245ec5f0f6b503575b804d
- SSDEEP
  
  12288:OXx1mwPwB41nYhOmCa33dtP95ywAPI56n3gB6Xd:OXx1LaWYtCandVbyANAXd
Score

10^/10

darkcomet latentbot guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotguest16discoverypersistencerattrojan

behavioral2

darkcometlatentbotguest16discoverypersistencerattrojan