darkcomet | 20b15f4b4932265c6c0e4279b8b00e29e6f2b00ed131972b4d490e20292d7911 | Triage

Sharing

General

Target

JaffaCakes118_d88763d6a89e8cef70193713a127dc61
Size

1.6MB
Sample

250210-hn9ajatken
MD5

d88763d6a89e8cef70193713a127dc61
SHA1

a33c2467f4107d9a9348e01c0d5e535dbe4639a6
SHA256

20b15f4b4932265c6c0e4279b8b00e29e6f2b00ed131972b4d490e20292d7911
SHA512

58f9668dbfc6edfe6a5a569dbba29c6abd911337dcc0ba39b464bd28c8ade1bd4f99adba4bb181ae9b89a53229db22aaebd89f4dd1dc31d8c2d628f0d68135dd
SSDEEP

24576:nEAb/V6IUHrFxIm1bFz2LSk0P4QSKNE8yysBuFAffkd0KDMQF6BMeGqJHAQHp8g0:l/V6ntSWpnti80eMZHbWOy

Score

10^/10

darkcomet first discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

First

C2

tantonacci.no-ip.org:1604

Mutex

DC_MUTEX-0TU1E1M

Attributes

gencode
xvFF%lzvTbvd
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_d88763d6a89e8cef70193713a127dc61
- Size
  
  1.6MB
- MD5
  
  d88763d6a89e8cef70193713a127dc61
- SHA1
  
  a33c2467f4107d9a9348e01c0d5e535dbe4639a6
- SHA256
  
  20b15f4b4932265c6c0e4279b8b00e29e6f2b00ed131972b4d490e20292d7911
- SHA512
  
  58f9668dbfc6edfe6a5a569dbba29c6abd911337dcc0ba39b464bd28c8ade1bd4f99adba4bb181ae9b89a53229db22aaebd89f4dd1dc31d8c2d628f0d68135dd
- SSDEEP
  
  24576:nEAb/V6IUHrFxIm1bFz2LSk0P4QSKNE8yysBuFAffkd0KDMQF6BMeGqJHAQHp8g0:l/V6ntSWpnti80eMZHbWOy
Score

10^/10

darkcomet first discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometfirstdiscoverypersistencerattrojan

behavioral2

darkcometfirstdiscoverypersistencerattrojan