darkcomet | 04b0cfb328ca45db1ef9f29cc854c48c569b9891b195a10d33a4eefda185f789 | Triage

Sharing

General

Target

JaffaCakes118_0c44d4aeaa53617104aba0d574b4d95e
Size

5.0MB
Sample

250220-rg2fsawqfj
MD5

0c44d4aeaa53617104aba0d574b4d95e
SHA1

887183f1481c47125a9e3dea58e87ac593162c77
SHA256

04b0cfb328ca45db1ef9f29cc854c48c569b9891b195a10d33a4eefda185f789
SHA512

39e060a906f726763b51ae875de3133fd31e7570651267ee318915876c4ea1c03556a943fdd32d0c751286994c7f7155d67d5fe5fd11f54a34e86e2cf3c02ca6
SSDEEP

24576:1////qja+7IP1JgNt6udKan/B7J/Vvih9zJZaraB:Wlke+8K67JFQ

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

eurancia.no-ip.org:1434

127.0.0.1:1434

Mutex

DC_MUTEX-WZNXE7M

Attributes

gencode
jfCaXRbbfuca
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_0c44d4aeaa53617104aba0d574b4d95e
- Size
  
  5.0MB
- MD5
  
  0c44d4aeaa53617104aba0d574b4d95e
- SHA1
  
  887183f1481c47125a9e3dea58e87ac593162c77
- SHA256
  
  04b0cfb328ca45db1ef9f29cc854c48c569b9891b195a10d33a4eefda185f789
- SHA512
  
  39e060a906f726763b51ae875de3133fd31e7570651267ee318915876c4ea1c03556a943fdd32d0c751286994c7f7155d67d5fe5fd11f54a34e86e2cf3c02ca6
- SSDEEP
  
  24576:1////qja+7IP1JgNt6udKan/B7J/Vvih9zJZaraB:Wlke+8K67JFQ
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan