darkcomet | 3fad06ea2340196a6ef3de8459bbb4f8be381e9e01f10d7ef8dc483f17d05242 | Triage

Sharing

General

Target

JaffaCakes118_40f3221ba41342f517a04101ada17938
Size

1.1MB
Sample

250127-srbtjsvkf1
MD5

40f3221ba41342f517a04101ada17938
SHA1

419335c0068763c3c0954fb92b28ff9991fdee51
SHA256

3fad06ea2340196a6ef3de8459bbb4f8be381e9e01f10d7ef8dc483f17d05242
SHA512

fe3df8bc3371f39acb98942e27fba10776c5629f2e905102d488d4c8fe4514a0fd90c5bd0adce09e53345d92fc8b769ddf2158638c2198def6ca029fdab0a3b8
SSDEEP

12288:SQS6a/lHd/yKq+7D1sIM9kvLlH++OU2hsPhGJDtACYTLMIy+10kKquKw4EUYRHkv:aLPgnIhIaMtY01FT+RqLjP0D

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

selmi.no-ip.org:1604

Mutex

DC_MUTEX-SFCCS64

Attributes

gencode
kgDcLdg0fqJQ
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  JaffaCakes118_40f3221ba41342f517a04101ada17938
- Size
  
  1.1MB
- MD5
  
  40f3221ba41342f517a04101ada17938
- SHA1
  
  419335c0068763c3c0954fb92b28ff9991fdee51
- SHA256
  
  3fad06ea2340196a6ef3de8459bbb4f8be381e9e01f10d7ef8dc483f17d05242
- SHA512
  
  fe3df8bc3371f39acb98942e27fba10776c5629f2e905102d488d4c8fe4514a0fd90c5bd0adce09e53345d92fc8b769ddf2158638c2198def6ca029fdab0a3b8
- SSDEEP
  
  12288:SQS6a/lHd/yKq+7D1sIM9kvLlH++OU2hsPhGJDtACYTLMIy+10kKquKw4EUYRHkv:aLPgnIhIaMtY01FT+RqLjP0D
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan