darkcomet | 364a7d6969d56365ca9d57478e33e1ffefa18e37e13cb7fb396cc5738a425e45 | Triage

Sharing

General

Target

JaffaCakes118_eb8b1381496c1f1633c90a3e62314832
Size

2.1MB
Sample

250212-asqpzsvqbr
MD5

eb8b1381496c1f1633c90a3e62314832
SHA1

04320ac4f3ea66c8a1b6096831073125938aadeb
SHA256

364a7d6969d56365ca9d57478e33e1ffefa18e37e13cb7fb396cc5738a425e45
SHA512

da05b5def6baa5fdc89b369b816de871f738d5f7c343787321e9ded6298b4924ebc30e368cd9d991fd56dbc006a8a1d2b5b0add25c4889d01cf294d183002100
SSDEEP

24576:50GbWjOGqCcsdApRLwJTwZguTUlErCUkHNFpwzkZyl:5KAOdApSmZLwe5Sw3

Score

10^/10

darkcomet minecraft victim discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Minecraft Victim

C2

cybertechnologyinc.no-ip.biz:81

Mutex

DC_MUTEX-21NV0LP

Attributes

gencode
L#8$N$jsE8uj
install
false
offline_keylogger
true
password
andrew10
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_eb8b1381496c1f1633c90a3e62314832
- Size
  
  2.1MB
- MD5
  
  eb8b1381496c1f1633c90a3e62314832
- SHA1
  
  04320ac4f3ea66c8a1b6096831073125938aadeb
- SHA256
  
  364a7d6969d56365ca9d57478e33e1ffefa18e37e13cb7fb396cc5738a425e45
- SHA512
  
  da05b5def6baa5fdc89b369b816de871f738d5f7c343787321e9ded6298b4924ebc30e368cd9d991fd56dbc006a8a1d2b5b0add25c4889d01cf294d183002100
- SSDEEP
  
  24576:50GbWjOGqCcsdApRLwJTwZguTUlErCUkHNFpwzkZyl:5KAOdApSmZLwe5Sw3
Score

10^/10

darkcomet minecraft victim discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometminecraft victimdiscoverypersistencerattrojan

behavioral2

darkcometminecraft victimdiscoverypersistencerattrojan