darkcomet | 68f9e0562fe798c2c0c2d9bcc9452e4a91285db714b2956bdb785a12558fc43d | Triage

Sharing

General

Target

JaffaCakes118_021b30de08b9df4b48205f56c37b3a8f
Size

232KB
Sample

250218-2stv7asrt6
MD5

021b30de08b9df4b48205f56c37b3a8f
SHA1

d1dd31028d8ab6561e71ffd3705e7d98188e9fa4
SHA256

68f9e0562fe798c2c0c2d9bcc9452e4a91285db714b2956bdb785a12558fc43d
SHA512

d54ad22d9f0bffacfa1ee757bf26832c3d1d302daa6ae199bceda609643823dea13d1b2d18eb88e38f203e25b9d3ac643513b501656b8b7b0efa5d1e5138ea5f
SSDEEP

6144:KVHnny/6EaCAtpLPazkKlrLRUqUwiQeGKTjDcru81Qtg:K4/FAtpzukUxiQx8DKN1

Score

10^/10

darkcomet svchost discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

svchost

C2

sisso05.no-ip.org:1604

Mutex

DC_MUTEX-YP4NPD7

Attributes

gencode
LAgi9�=q2zG*
install
true
offline_keylogger
false
password
SALIM1980
persistence
false
reg_key
svchost

rc4.plain

Targets

- Target
  
  JaffaCakes118_021b30de08b9df4b48205f56c37b3a8f
- Size
  
  232KB
- MD5
  
  021b30de08b9df4b48205f56c37b3a8f
- SHA1
  
  d1dd31028d8ab6561e71ffd3705e7d98188e9fa4
- SHA256
  
  68f9e0562fe798c2c0c2d9bcc9452e4a91285db714b2956bdb785a12558fc43d
- SHA512
  
  d54ad22d9f0bffacfa1ee757bf26832c3d1d302daa6ae199bceda609643823dea13d1b2d18eb88e38f203e25b9d3ac643513b501656b8b7b0efa5d1e5138ea5f
- SSDEEP
  
  6144:KVHnny/6EaCAtpLPazkKlrLRUqUwiQeGKTjDcru81Qtg:K4/FAtpzukUxiQx8DKN1
Score

10^/10

darkcomet svchost discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometsvchostdiscoverypersistencerattrojan

behavioral2

darkcometsvchostdiscoverypersistencerattrojan