darkcomet

General

Target

JaffaCakes118_19d1178426414c663b950baab49dbb2e
Size

1.1MB
Sample

250222-p8nmwsxjgq
MD5

19d1178426414c663b950baab49dbb2e
SHA1

7c28702b029ba2e9db99b5a8731c8d316e06e25b
SHA256

0400525e2449135620f42db21f8849a42992cae0be998858e55badefa7359a0d
SHA512

d4b1f6a926942f09bc8257354569d02371df8933645839ecc665e9fca6ebf6c1f52087033baf35d176ce44077594c1c29292647e09be40475f2fb435c9baf025
SSDEEP

24576:Ytav5RbzkzcfHAmTMcaxHnzAbdD0idToS1hIuJ+K3c/XVR7ALJ:dRMwfHAWOzS0ybpJ3c/LA

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest17

C2

wsb52000.no-ip.biz:84

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
ylg1xjv/HXUz
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_19d1178426414c663b950baab49dbb2e
- Size
  
  1.1MB
- MD5
  
  19d1178426414c663b950baab49dbb2e
- SHA1
  
  7c28702b029ba2e9db99b5a8731c8d316e06e25b
- SHA256
  
  0400525e2449135620f42db21f8849a42992cae0be998858e55badefa7359a0d
- SHA512
  
  d4b1f6a926942f09bc8257354569d02371df8933645839ecc665e9fca6ebf6c1f52087033baf35d176ce44077594c1c29292647e09be40475f2fb435c9baf025
- SSDEEP
  
  24576:Ytav5RbzkzcfHAmTMcaxHnzAbdD0idToS1hIuJ+K3c/XVR7ALJ:dRMwfHAWOzS0ybpJ3c/LA
Score

10^/10

darkcomet guest17 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Darkcomet family

Drops file in Drivers directory

Checks BIOS information in registry

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2