darkcomet | 50988bb4099579d3ca193069b1e1aa8e7ce05620bc5de301b48dd614adbc1ab3 | Triage

Sharing

General

Target

JaffaCakes118_f540eda7b3bfab51cf6532705f038b93
Size

787KB
Sample

250214-jkqjpaxrfs
MD5

f540eda7b3bfab51cf6532705f038b93
SHA1

41f757eb58b7aa563345b3a291daf59967623d3a
SHA256

50988bb4099579d3ca193069b1e1aa8e7ce05620bc5de301b48dd614adbc1ab3
SHA512

a3b6f7d52ef9e1088957546eaadc8a78a2bd22e36e9bce9631821057966a304ed08fe4ede2ee6e0194940200cddabd333404cf337043be8681b7eec6f5237bf2
SSDEEP

12288:dQ1Ev3eWNDuW4s/TkN7gyx1VTrYWvCnPnaKYfxt4mzIJHqkXpgC:dOEXutsLA7jwWv+PaltNWHv

Score

10^/10

darkcomet crypter1 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Crypter1

C2

leethost.no-ip.org:82

Mutex

DC_MUTEX-Y4Y8Q8Q

Attributes

gencode
Bqih8Xk8lY44
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_f540eda7b3bfab51cf6532705f038b93
- Size
  
  787KB
- MD5
  
  f540eda7b3bfab51cf6532705f038b93
- SHA1
  
  41f757eb58b7aa563345b3a291daf59967623d3a
- SHA256
  
  50988bb4099579d3ca193069b1e1aa8e7ce05620bc5de301b48dd614adbc1ab3
- SHA512
  
  a3b6f7d52ef9e1088957546eaadc8a78a2bd22e36e9bce9631821057966a304ed08fe4ede2ee6e0194940200cddabd333404cf337043be8681b7eec6f5237bf2
- SSDEEP
  
  12288:dQ1Ev3eWNDuW4s/TkN7gyx1VTrYWvCnPnaKYfxt4mzIJHqkXpgC:dOEXutsLA7jwWv+PaltNWHv
Score

10^/10

darkcomet crypter1 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometcrypter1discoverypersistencerattrojan

behavioral2

darkcometcrypter1discoverypersistencerattrojan