darkcomet | 12682e378ed4d01eb7abb0b0f0e38432e5884cb56b8bbd155847a0fd37905ff8 | Triage

Sharing

General

Target

JaffaCakes118_f89be3019aa47cf5926062d8fa4227fb
Size

1.1MB
Sample

250214-ra7dfsylcn
MD5

f89be3019aa47cf5926062d8fa4227fb
SHA1

1db9004df6556dff405aabed9365bbbe5f052dcc
SHA256

12682e378ed4d01eb7abb0b0f0e38432e5884cb56b8bbd155847a0fd37905ff8
SHA512

5b4fc70e8fe21db5eb5b8a2585bde02e3683b89e4c5f4e482f970ca6c5f2f48865787d47eaa411713923ee32105d4d8851af9e01e37b5d5405e5ce8b8dd4e2f8
SSDEEP

24576:4fHK4ne0H220E81P/RQmKEhQSt+TrLQse4xoQQZnt1:GXl3eb1g1CQQ

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

C2

92.73.139.121:3460

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_f89be3019aa47cf5926062d8fa4227fb
- Size
  
  1.1MB
- MD5
  
  f89be3019aa47cf5926062d8fa4227fb
- SHA1
  
  1db9004df6556dff405aabed9365bbbe5f052dcc
- SHA256
  
  12682e378ed4d01eb7abb0b0f0e38432e5884cb56b8bbd155847a0fd37905ff8
- SHA512
  
  5b4fc70e8fe21db5eb5b8a2585bde02e3683b89e4c5f4e482f970ca6c5f2f48865787d47eaa411713923ee32105d4d8851af9e01e37b5d5405e5ce8b8dd4e2f8
- SSDEEP
  
  24576:4fHK4ne0H220E81P/RQmKEhQSt+TrLQse4xoQQZnt1:GXl3eb1g1CQQ
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2

darkcometdiscoverypersistencerattrojan