darkcomet | 91dc2eb012af0b120110734c63171424e2ded01c5ed48e887631f9cad92cc5e8 | Triage

Sharing

General

Target

JaffaCakes118_08509d5612f088c46f1d859cb965c7df
Size

731KB
Sample

250219-3fclta1pav
MD5

08509d5612f088c46f1d859cb965c7df
SHA1

d3c0849e58909685e377fb52a5b4e3fcf15f0c00
SHA256

91dc2eb012af0b120110734c63171424e2ded01c5ed48e887631f9cad92cc5e8
SHA512

b89b6e1c75e3e140311d7e58d265e93dedf8ca414822dab4c4eb7282c8b08b507e0cc0b2db767b566b0ef9e5e9809722e43cd0dd9c72ecfc98d5b98acb3233c3
SSDEEP

12288:jaUWjsRbTquJjwdjk4hSODKvN4VObb/ic7cmPA/QCa+Bz+Y8ZeHzbrJfIj3:jaUkCKuJUFk4MOSoO3/r4EA/QCa2+Ncw

Score

10^/10

darkcomet guest16_min discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

jomomma259.no-ip.biz:1604

Mutex

DCMIN_MUTEX-F2XLQ97

Attributes

gencode
Epelgu6xgBYa
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_08509d5612f088c46f1d859cb965c7df
- Size
  
  731KB
- MD5
  
  08509d5612f088c46f1d859cb965c7df
- SHA1
  
  d3c0849e58909685e377fb52a5b4e3fcf15f0c00
- SHA256
  
  91dc2eb012af0b120110734c63171424e2ded01c5ed48e887631f9cad92cc5e8
- SHA512
  
  b89b6e1c75e3e140311d7e58d265e93dedf8ca414822dab4c4eb7282c8b08b507e0cc0b2db767b566b0ef9e5e9809722e43cd0dd9c72ecfc98d5b98acb3233c3
- SSDEEP
  
  12288:jaUWjsRbTquJjwdjk4hSODKvN4VObb/ic7cmPA/QCa+Bz+Y8ZeHzbrJfIj3:jaUkCKuJUFk4MOSoO3/r4EA/QCa2+Ncw
Score

10^/10

darkcomet guest16_min discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_mindiscoverypersistencerattrojan

behavioral2

darkcometguest16_mindiscoverypersistencerattrojan