darkcomet | 82011fa1765d84cf0581f24d99807b9b9107115c7fce23e0145babf465bfde8e | Triage

Sharing

General

Target

JaffaCakes118_099136d2e436fa046dcfe4245db61a30
Size

707KB
Sample

250220-er4yfawpbr
MD5

099136d2e436fa046dcfe4245db61a30
SHA1

3e42edc82df2c7bba527c4c6384088664d1ebf9e
SHA256

82011fa1765d84cf0581f24d99807b9b9107115c7fce23e0145babf465bfde8e
SHA512

9071d71e892ea7b2cba76130e7759f2e7d5e229c53ff72571b59df8bf1185b64c79e5bbab465ac503b203a5d1f678296c7b304496db0dd9eaf003bd64e21a5c0
SSDEEP

12288:02N2ZFENyCQCtDuqwJEOtmCzlUBKaU+2Vaqfp5YiakQvUfTKry3:026O8K6qImEzTYqfp+izQcrp

Score

10^/10

darkcomet 12.03.04 discovery persistence rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

12.03.04

C2

windowsing.no-ip.org:1604

Mutex

DC_MUTEX-UGWGNUQ

Attributes

InstallPath
svv24\svv24.exe
gencode
b7j�JDX4Ypkf
install
true
offline_keylogger
true
password
4fds6465s6erw89rwd7
persistence
false
reg_key
SVV24

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_099136d2e436fa046dcfe4245db61a30
- Size
  
  707KB
- MD5
  
  099136d2e436fa046dcfe4245db61a30
- SHA1
  
  3e42edc82df2c7bba527c4c6384088664d1ebf9e
- SHA256
  
  82011fa1765d84cf0581f24d99807b9b9107115c7fce23e0145babf465bfde8e
- SHA512
  
  9071d71e892ea7b2cba76130e7759f2e7d5e229c53ff72571b59df8bf1185b64c79e5bbab465ac503b203a5d1f678296c7b304496db0dd9eaf003bd64e21a5c0
- SSDEEP
  
  12288:02N2ZFENyCQCtDuqwJEOtmCzlUBKaU+2Vaqfp5YiakQvUfTKry3:026O8K6qImEzTYqfp+izQcrp
Score

10^/10

darkcomet 12.03.04 discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomet12.03.04discoverypersistencerattrojanupx

behavioral2