darkcomet | e1c0b4985deead531b5379b428ed6b52979b304772cad99322e0b8c770229274 | Triage

Sharing

General

Target

JaffaCakes118_c22a33bf182739b3333637d8aeefa468
Size

853KB
Sample

250208-mqx3ha1pbp
MD5

c22a33bf182739b3333637d8aeefa468
SHA1

4231b9143d8d7e4888c5b5bcfc8a7f3915a33987
SHA256

e1c0b4985deead531b5379b428ed6b52979b304772cad99322e0b8c770229274
SHA512

f58ec7a7a614d33c3f06252f66abaea1296882f9ab1ed599ca9c9d83fd977173ffb32dd2ad48683ee124412ccf0ce03658be06e00c716cb94d42befae7c747d1
SSDEEP

24576:8pZ4XeLKWl4aotjbpR1BYeIojQXfvqc7Uim7:8pZ4XeLKw4aobNYe32fvqc7Ui

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

94.23.183.133:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
6N*#iN2$4-Kj
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_c22a33bf182739b3333637d8aeefa468
- Size
  
  853KB
- MD5
  
  c22a33bf182739b3333637d8aeefa468
- SHA1
  
  4231b9143d8d7e4888c5b5bcfc8a7f3915a33987
- SHA256
  
  e1c0b4985deead531b5379b428ed6b52979b304772cad99322e0b8c770229274
- SHA512
  
  f58ec7a7a614d33c3f06252f66abaea1296882f9ab1ed599ca9c9d83fd977173ffb32dd2ad48683ee124412ccf0ce03658be06e00c716cb94d42befae7c747d1
- SSDEEP
  
  24576:8pZ4XeLKWl4aotjbpR1BYeIojQXfvqc7Uim7:8pZ4XeLKw4aobNYe32fvqc7Ui
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan