darkcomet | 3307d290e7ef6c219212df9b0c53b0a347e836958e0037c26efa015493c6a1c4 | Triage

Sharing

General

Target

JaffaCakes118_e6886b6361fbb6a5f0d2495eeb6e0ac7
Size

694KB
Sample

250211-p514tasjhw
MD5

e6886b6361fbb6a5f0d2495eeb6e0ac7
SHA1

de6efc38036ab5956e9a4fe979c66f56e952cd7c
SHA256

3307d290e7ef6c219212df9b0c53b0a347e836958e0037c26efa015493c6a1c4
SHA512

2f2b540acad07138370593f5ff81f0c90a670fceb0d3952acb6132139fbee0510db488c80214c7d72d343c52ed18e33dcd16e39e02952d2392c1809432aada77
SSDEEP

12288:8aasZ9dAKKCHw77bgskEDUsVug3Yn6RIhDo9/wAz9T4L3XSgKc3nyr:8aasZDbKCHw77bgTEDU4ugInDw/jR4rn

Score

10^/10

darkcomet id discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

ID

C2

darkserver.no-ip.info:8080

Mutex

DC_MUTEX-GVZ1EFB

Attributes

InstallPath
msdcsc.exe
gencode
Fl7CtJ8WQZeW
install
true
offline_keylogger
false
persistence
false
reg_key
crss

rc4.plain

Targets

- Target
  
  JaffaCakes118_e6886b6361fbb6a5f0d2495eeb6e0ac7
- Size
  
  694KB
- MD5
  
  e6886b6361fbb6a5f0d2495eeb6e0ac7
- SHA1
  
  de6efc38036ab5956e9a4fe979c66f56e952cd7c
- SHA256
  
  3307d290e7ef6c219212df9b0c53b0a347e836958e0037c26efa015493c6a1c4
- SHA512
  
  2f2b540acad07138370593f5ff81f0c90a670fceb0d3952acb6132139fbee0510db488c80214c7d72d343c52ed18e33dcd16e39e02952d2392c1809432aada77
- SSDEEP
  
  12288:8aasZ9dAKKCHw77bgskEDUsVug3Yn6RIhDo9/wAz9T4L3XSgKc3nyr:8aasZDbKCHw77bgTEDU4ugInDw/jR4rn
Score

10^/10

darkcomet id discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometiddiscoverypersistencerattrojan

behavioral2