darkcomet | de3665405a74bd3fd308b8831d55d8b86cd00f81126333de8dfdb9b26bc9fe4e | Triage

Sharing

General

Target

JaffaCakes118_1cadb40bb61186f2e85313c1e96572d7
Size

1.1MB
Sample

250222-2gyd8szpdw
MD5

1cadb40bb61186f2e85313c1e96572d7
SHA1

2feebaaeffb1114f1c630139f5466b937951d17f
SHA256

de3665405a74bd3fd308b8831d55d8b86cd00f81126333de8dfdb9b26bc9fe4e
SHA512

e473b4d743072e77dc5e6ecd7bae9d51fe4cfdeb2a58fc24bbd834e9e6485dc5d4259d1530301169b8bb4e8e5ee1bcaaa141339fc43827bf2fe92ceec5c272cb
SSDEEP

24576:OvRkla+ipDfHGpY+7oY6A+mgzbGBUR39h/ii:2RSI/qTP6AOfTR39h/ii

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

94.102.63.198:1742

xcb222.no-ip.org:1742

Mutex

DC_MUTEX-2AXT7EA

Attributes

gencode
ooYEEUcSXUpB
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_1cadb40bb61186f2e85313c1e96572d7
- Size
  
  1.1MB
- MD5
  
  1cadb40bb61186f2e85313c1e96572d7
- SHA1
  
  2feebaaeffb1114f1c630139f5466b937951d17f
- SHA256
  
  de3665405a74bd3fd308b8831d55d8b86cd00f81126333de8dfdb9b26bc9fe4e
- SHA512
  
  e473b4d743072e77dc5e6ecd7bae9d51fe4cfdeb2a58fc24bbd834e9e6485dc5d4259d1530301169b8bb4e8e5ee1bcaaa141339fc43827bf2fe92ceec5c272cb
- SSDEEP
  
  24576:OvRkla+ipDfHGpY+7oY6A+mgzbGBUR39h/ii:2RSI/qTP6AOfTR39h/ii
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan