darkcomet | 0236382d957dcebb0c86dd5042603544aad75a56d4cb949f9ea045f72e0973a8 | Triage

Sharing

General

Target

JaffaCakes118_f8349d63d18628e5bcf39919ddf37096
Size

1.8MB
Sample

250214-qgb1fsxkej
MD5

f8349d63d18628e5bcf39919ddf37096
SHA1

c87fc1f864946759c4dc5dddb9ede3112651be2f
SHA256

0236382d957dcebb0c86dd5042603544aad75a56d4cb949f9ea045f72e0973a8
SHA512

bc1d17c0d5c9170ed5354e540057257a62130493976effa1b332e1f8cf8c248fb71965f83386bf7b635ecf1d7a92edf9b3428031e2d7aaeda00ebcfb1f8e2bd8
SSDEEP

24576:0GgVX4tJrQgpMQgL7MwUn+OItWkbVvP2LbwXoii:0t40gpMQJ+OlkNdXoii

Score

10^/10

darkcomet random discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Random

C2

kromoz23.no-ip.biz:1604

Mutex

DC_MUTEX-Z2B25MB

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
w9R4vECN2$Gj
install
true
offline_keylogger
true
password
23life
persistence
false
reg_key
MicroUpdate

rc4.plain

Targets

- Target
  
  JaffaCakes118_f8349d63d18628e5bcf39919ddf37096
- Size
  
  1.8MB
- MD5
  
  f8349d63d18628e5bcf39919ddf37096
- SHA1
  
  c87fc1f864946759c4dc5dddb9ede3112651be2f
- SHA256
  
  0236382d957dcebb0c86dd5042603544aad75a56d4cb949f9ea045f72e0973a8
- SHA512
  
  bc1d17c0d5c9170ed5354e540057257a62130493976effa1b332e1f8cf8c248fb71965f83386bf7b635ecf1d7a92edf9b3428031e2d7aaeda00ebcfb1f8e2bd8
- SSDEEP
  
  24576:0GgVX4tJrQgpMQgL7MwUn+OItWkbVvP2LbwXoii:0t40gpMQJ+OlkNdXoii
Score

10^/10

darkcomet random discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometrandomdiscoverypersistencerattrojan

behavioral2

darkcometrandomdiscoverypersistencerattrojan