darkcomet | 27b67644170b08d57dcd8bb39d9b779632aad6697845015175e51e4801a42a5a | Triage

Sharing

General

Target

JaffaCakes118_b6b6a5213f8b3e7ce5306cd069dcbf5e
Size

800KB
Sample

250207-n1evcayrht
MD5

b6b6a5213f8b3e7ce5306cd069dcbf5e
SHA1

9991f4da8630039b84f4bf8c1b45fec898fa80b7
SHA256

27b67644170b08d57dcd8bb39d9b779632aad6697845015175e51e4801a42a5a
SHA512

bb0deacba3eeca40fe69990c30a9a3cee3d82052d895a50e7c92b461ca19ecf6c1109209763b6df4ea2fe9c3565c672fe63c7a11dfd9692ba71fae223eafb6ea
SSDEEP

12288:+f9tz7HqHG/niI+dExFzfPrwbg1llIfUls:+f7z7HqKsE+2lIff

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

speeed.hopto.org:147

Mutex

DC_MUTEX-HGY40HP

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
cNTlixxZgYma
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

rc4.plain

Targets

- Target
  
  JaffaCakes118_b6b6a5213f8b3e7ce5306cd069dcbf5e
- Size
  
  800KB
- MD5
  
  b6b6a5213f8b3e7ce5306cd069dcbf5e
- SHA1
  
  9991f4da8630039b84f4bf8c1b45fec898fa80b7
- SHA256
  
  27b67644170b08d57dcd8bb39d9b779632aad6697845015175e51e4801a42a5a
- SHA512
  
  bb0deacba3eeca40fe69990c30a9a3cee3d82052d895a50e7c92b461ca19ecf6c1109209763b6df4ea2fe9c3565c672fe63c7a11dfd9692ba71fae223eafb6ea
- SSDEEP
  
  12288:+f9tz7HqHG/niI+dExFzfPrwbg1llIfUls:+f7z7HqKsE+2lIff
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan