darkcomet | 371e8def882efd31f44e386edb0ae75fa58eb750029097919c4bc1264331adee | Triage

Sharing

General

Target

JaffaCakes118_e964044329ee1fe2f6eb63527bdd22a9
Size

4.0MB
Sample

250211-xqsswsxpdl
MD5

e964044329ee1fe2f6eb63527bdd22a9
SHA1

d5c19ce79cf88e6d1ca554b4bdb0529596b8acf0
SHA256

371e8def882efd31f44e386edb0ae75fa58eb750029097919c4bc1264331adee
SHA512

2d742aa3bce3750579725ae3ec43cbc9a095173b2b305d849775f048469781b5de8adfe02bcec127b2229f820142159f49cc0ce3ca55a83940b3b9645b88b053
SSDEEP

12288:VAKJJcpI4EQgvJmMk3qL75ORfUjzxQqm0BdPaPE4c3y6W+et3cOQSUrKyCtibAJ:BJZ4c5kgORfUF1dPa8RhW+AMabyVAJ

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
+u7Rwf9M61Z5
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_e964044329ee1fe2f6eb63527bdd22a9
- Size
  
  4.0MB
- MD5
  
  e964044329ee1fe2f6eb63527bdd22a9
- SHA1
  
  d5c19ce79cf88e6d1ca554b4bdb0529596b8acf0
- SHA256
  
  371e8def882efd31f44e386edb0ae75fa58eb750029097919c4bc1264331adee
- SHA512
  
  2d742aa3bce3750579725ae3ec43cbc9a095173b2b305d849775f048469781b5de8adfe02bcec127b2229f820142159f49cc0ce3ca55a83940b3b9645b88b053
- SSDEEP
  
  12288:VAKJJcpI4EQgvJmMk3qL75ORfUjzxQqm0BdPaPE4c3y6W+et3cOQSUrKyCtibAJ:BJZ4c5kgORfUF1dPa8RhW+AMabyVAJ
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan