darkcomet | 7c4e144a7e0c1b9f47a204ce8e7497f8e7340a689650645df2b2c7f5238a433e | Triage

Sharing

General

Target

JaffaCakes118_6129bb066cd928b3dc825a217d9e4b44
Size

1.0MB
Sample

250130-lavrrsxjht
MD5

6129bb066cd928b3dc825a217d9e4b44
SHA1

eea1844829ef661414d433af87ccff1088f3d6c9
SHA256

7c4e144a7e0c1b9f47a204ce8e7497f8e7340a689650645df2b2c7f5238a433e
SHA512

8030e79956ffa3907b1fc47a6589ce366a2b1c28cbba61d9068620b36b66d6473065305bdb4dadaa80f861bdd66ad58dc460379975dd677a5e32bdcaf8186238
SSDEEP

24576:98HHLVlkItaWrYDICb6khIuUhqZ+IYDqx:K+4kHUFDqx

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

hC_MUTEX-MPNQKUN

Attributes

gencode
mTSkcfmycaiC
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  JaffaCakes118_6129bb066cd928b3dc825a217d9e4b44
- Size
  
  1.0MB
- MD5
  
  6129bb066cd928b3dc825a217d9e4b44
- SHA1
  
  eea1844829ef661414d433af87ccff1088f3d6c9
- SHA256
  
  7c4e144a7e0c1b9f47a204ce8e7497f8e7340a689650645df2b2c7f5238a433e
- SHA512
  
  8030e79956ffa3907b1fc47a6589ce366a2b1c28cbba61d9068620b36b66d6473065305bdb4dadaa80f861bdd66ad58dc460379975dd677a5e32bdcaf8186238
- SSDEEP
  
  24576:98HHLVlkItaWrYDICb6khIuUhqZ+IYDqx:K+4kHUFDqx
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan