darkcomet | a03ed2e4608c412a0e5e55fe8c1c183d30ae68f0c38d308b08ca1d281e420579 | Triage

Sharing

General

Target

JaffaCakes118_ee17ff2b161b3fd97d6c0695c9a6d39b
Size

935KB
Sample

250212-hpga5s1nhs
MD5

ee17ff2b161b3fd97d6c0695c9a6d39b
SHA1

9fd8bc5cb44278b2aecfc388e395c422940fc372
SHA256

a03ed2e4608c412a0e5e55fe8c1c183d30ae68f0c38d308b08ca1d281e420579
SHA512

f131e62db8037fcab9d3199fb78f159197421d20eec5f025511834ce88f81921a5dc623038bd4e76de6688dd2c90df41d2f4304ff559449e66eb24e6df46d567
SSDEEP

24576:JaCfioL30iOp8TYcy5UkgSIdLbB9CUftwmh:Ja7x6Y4Xnf

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

Cyberjack.zapto.org:8499

Mutex

DC_MUTEX-GXPHC9R

Attributes

gencode
mYALyv$7+h*F
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_ee17ff2b161b3fd97d6c0695c9a6d39b
- Size
  
  935KB
- MD5
  
  ee17ff2b161b3fd97d6c0695c9a6d39b
- SHA1
  
  9fd8bc5cb44278b2aecfc388e395c422940fc372
- SHA256
  
  a03ed2e4608c412a0e5e55fe8c1c183d30ae68f0c38d308b08ca1d281e420579
- SHA512
  
  f131e62db8037fcab9d3199fb78f159197421d20eec5f025511834ce88f81921a5dc623038bd4e76de6688dd2c90df41d2f4304ff559449e66eb24e6df46d567
- SSDEEP
  
  24576:JaCfioL30iOp8TYcy5UkgSIdLbB9CUftwmh:Ja7x6Y4Xnf
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan