darkcomet | dadfa0bfe4c53fae9768297c502304de283e561d7effcabb120804a9b50c1549 | Triage

Sharing

General

Target

JaffaCakes118_1b9d7f04abc6a3992f08a4c62ed944b3
Size

724KB
Sample

250222-xns1waxn15
MD5

1b9d7f04abc6a3992f08a4c62ed944b3
SHA1

4aa6645f26ebd195583f37fb13fe618554eb70d6
SHA256

dadfa0bfe4c53fae9768297c502304de283e561d7effcabb120804a9b50c1549
SHA512

48417d024c591663b5dd10dcfeabf16325c74a43dd604d99f20ea8f128072661b47e4883133c6618a6865fef68760557a5772ef925c331457c94bd0e4eefdec3
SSDEEP

12288:XIKdPItymJ78JYSAEzeOhpiqqFf609uQbSflqjZN7NfXFffa2KqSkTJD:XIePqNgze210EQbSsf91flHD

Score

10^/10

darkcomet crypter1 defense_evasion discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Crypter1

C2

127.0.0.1:95

Mutex

DC_MUTEX-LN9GR17

Attributes

gencode
vWsjmZp2wpBg
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_1b9d7f04abc6a3992f08a4c62ed944b3
- Size
  
  724KB
- MD5
  
  1b9d7f04abc6a3992f08a4c62ed944b3
- SHA1
  
  4aa6645f26ebd195583f37fb13fe618554eb70d6
- SHA256
  
  dadfa0bfe4c53fae9768297c502304de283e561d7effcabb120804a9b50c1549
- SHA512
  
  48417d024c591663b5dd10dcfeabf16325c74a43dd604d99f20ea8f128072661b47e4883133c6618a6865fef68760557a5772ef925c331457c94bd0e4eefdec3
- SSDEEP
  
  12288:XIKdPItymJ78JYSAEzeOhpiqqFf609uQbSflqjZN7NfXFffa2KqSkTJD:XIePqNgze210EQbSsf91flHD
Score

10^/10

darkcomet crypter1 defense_evasion discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometcrypter1defense_evasiondiscoveryrattrojan

behavioral2

darkcometcrypter1defense_evasiondiscoveryrattrojan