darkcomet | 519944f31dffe89922b040ed260a5c5c425e752ffa75cc1175998a1abe6a3616 | Triage

Sharing

General

Target

JaffaCakes118_196a23b56d80e90c8362cee22805207e
Size

1.0MB
Sample

250222-nsh7ssvrhl
MD5

196a23b56d80e90c8362cee22805207e
SHA1

2aef536e109616301c8c513843815602920402a7
SHA256

519944f31dffe89922b040ed260a5c5c425e752ffa75cc1175998a1abe6a3616
SHA512

725d873e6ab1bbdc496150afa250129c994efc7c11d096b5abe52ef65be19fc0ce8db5ebe951141a34906e2097237b7104ff623b83e1b93a26e315ec07b04fe2
SSDEEP

12288:RomKML5A4nWqTi25JrEYJR37WWBwunR5ASggWX/XqMw4Jd5wyiHaRqKySKGbA4ie:RoEWG55AmRueJQyvsfNODqNHTWMM

Score

10^/10

darkcomet guest16_min discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-X4Z71G0

Attributes

gencode
1aVE07wonVME
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_196a23b56d80e90c8362cee22805207e
- Size
  
  1.0MB
- MD5
  
  196a23b56d80e90c8362cee22805207e
- SHA1
  
  2aef536e109616301c8c513843815602920402a7
- SHA256
  
  519944f31dffe89922b040ed260a5c5c425e752ffa75cc1175998a1abe6a3616
- SHA512
  
  725d873e6ab1bbdc496150afa250129c994efc7c11d096b5abe52ef65be19fc0ce8db5ebe951141a34906e2097237b7104ff623b83e1b93a26e315ec07b04fe2
- SSDEEP
  
  12288:RomKML5A4nWqTi25JrEYJR37WWBwunR5ASggWX/XqMw4Jd5wyiHaRqKySKGbA4ie:RoEWG55AmRueJQyvsfNODqNHTWMM
Score

10^/10

darkcomet guest16_min discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_mindiscoverypersistencerattrojan

behavioral2

darkcometguest16_mindiscoverypersistencerattrojan