darkcomet | 4acb5ac3af132a7997741e47554c4de8cad84644e8b62c62d3c82b2d4b90aaff | Triage

Sharing

General

Target

JaffaCakes118_c08977c457028258208504b314613ad1
Size

1.2MB
Sample

250208-jarn1atqer
MD5

c08977c457028258208504b314613ad1
SHA1

e03b0f062ab7b4c3a6255ccee3d75dedd6b1d378
SHA256

4acb5ac3af132a7997741e47554c4de8cad84644e8b62c62d3c82b2d4b90aaff
SHA512

49e54a5f901c6f988a12395261109a8a142d770a953dc0de8c582cc854888a14e8726ab84890715697e3457c58da9653902b1b44ccea8b8405fe164025ebfa02
SSDEEP

24576:tXdHVVHT9YxHKQPMsQm1fK1z1mq+ipVim:tX5VVHBYxHKQbFKaqDpVl

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

iratskids.zapto.org:3024

Mutex

DC_MUTEX-C1DSTEU

Attributes

gencode
wv6uxAfRnPb8
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_c08977c457028258208504b314613ad1
- Size
  
  1.2MB
- MD5
  
  c08977c457028258208504b314613ad1
- SHA1
  
  e03b0f062ab7b4c3a6255ccee3d75dedd6b1d378
- SHA256
  
  4acb5ac3af132a7997741e47554c4de8cad84644e8b62c62d3c82b2d4b90aaff
- SHA512
  
  49e54a5f901c6f988a12395261109a8a142d770a953dc0de8c582cc854888a14e8726ab84890715697e3457c58da9653902b1b44ccea8b8405fe164025ebfa02
- SSDEEP
  
  24576:tXdHVVHT9YxHKQPMsQm1fK1z1mq+ipVim:tX5VVHBYxHKQbFKaqDpVl
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Downloads MZ/PE file
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan