darkcomet | 7ddbcb26b9c3afc287c094d534ee051f311c258db1c5d2082b384de4b2207c1a | Triage

Sharing

General

Target

JaffaCakes118_d1a6927a0ad7b9a1eb072535aa3879ab
Size

708KB
Sample

250209-vn1plsxlfl
MD5

d1a6927a0ad7b9a1eb072535aa3879ab
SHA1

989cc5e58c7f0de80d5dfcb0468b812192c4c3ef
SHA256

7ddbcb26b9c3afc287c094d534ee051f311c258db1c5d2082b384de4b2207c1a
SHA512

8474cae8e14037913c740a52628242bf434e315139d6d23626859c96beb06b497f024cb8ba3ad689d94cc2f8a23408cf09e3c2718ab29fd0053d379ca6bb99c4
SSDEEP

12288:tk6zJDIYsrXd0+tMt+sH2ept70Q93Fohby5KNK5u3z9HRI0WRooTalj8:tk6zJDIYs7dKH2ecQxgbpsyHRI049TaS

Score

10^/10

darkcomet latentbot guest16 defense_evasion discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

lolscape12345.zapto.org:4444

coderscape.net84.net:4444

127.0.0.1:4444

192.168.0.3:4444

77.96.90.48:4444

Mutex

DC_MUTEX-KLX6V48

Attributes

gencode
YCMTuRTxJEkt
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

latentbot

C2

lolscape12345.zapto.org

Targets

- Target
  
  JaffaCakes118_d1a6927a0ad7b9a1eb072535aa3879ab
- Size
  
  708KB
- MD5
  
  d1a6927a0ad7b9a1eb072535aa3879ab
- SHA1
  
  989cc5e58c7f0de80d5dfcb0468b812192c4c3ef
- SHA256
  
  7ddbcb26b9c3afc287c094d534ee051f311c258db1c5d2082b384de4b2207c1a
- SHA512
  
  8474cae8e14037913c740a52628242bf434e315139d6d23626859c96beb06b497f024cb8ba3ad689d94cc2f8a23408cf09e3c2718ab29fd0053d379ca6bb99c4
- SSDEEP
  
  12288:tk6zJDIYsrXd0+tMt+sH2ept70Q93Fohby5KNK5u3z9HRI0WRooTalj8:tk6zJDIYs7dKH2ecQxgbpsyHRI049TaS
Score

10^/10

darkcomet latentbot guest16 defense_evasion discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotguest16defense_evasiondiscoveryrattrojan

behavioral2

darkcometlatentbotguest16defense_evasiondiscoveryrattrojan