darkcomet | af3abbae00423af0d7ea417c0a488c66744e7dcf09f00b34967c620809622a20 | Triage

Sharing

General

Target

JaffaCakes118_21869a2e70e6e250f167a1432f4c7f85
Size

950KB
Sample

250223-v2swxstjhw
MD5

21869a2e70e6e250f167a1432f4c7f85
SHA1

37cb7c9616c530361adfe3e3f37f58653e29d1cb
SHA256

af3abbae00423af0d7ea417c0a488c66744e7dcf09f00b34967c620809622a20
SHA512

48444832ce4f6e0c1d1ac517407800d060f19baca79aa5a25c62dffb906a6ea1f0fb4f146e6301a5f9effc0575fcb1b7a6a7102f5b09c3d27611ba2daa2be44f
SSDEEP

24576:Rayr5Ms1sZAnfOUibyKbCaUvaTRb+zQy7A:51sOxRk+RA

Score

10^/10

darkcomet jonas discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Jonas

C2

suckiton.no-ip.org:8182

Mutex

DC_MUTEX-88C0JVR

Attributes

gencode
UW.y#aYPHHT4
install
false
offline_keylogger
true
password
amuras123
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_21869a2e70e6e250f167a1432f4c7f85
- Size
  
  950KB
- MD5
  
  21869a2e70e6e250f167a1432f4c7f85
- SHA1
  
  37cb7c9616c530361adfe3e3f37f58653e29d1cb
- SHA256
  
  af3abbae00423af0d7ea417c0a488c66744e7dcf09f00b34967c620809622a20
- SHA512
  
  48444832ce4f6e0c1d1ac517407800d060f19baca79aa5a25c62dffb906a6ea1f0fb4f146e6301a5f9effc0575fcb1b7a6a7102f5b09c3d27611ba2daa2be44f
- SSDEEP
  
  24576:Rayr5Ms1sZAnfOUibyKbCaUvaTRb+zQy7A:51sOxRk+RA
Score

10^/10

darkcomet jonas discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometjonasdiscoverypersistencerattrojan

behavioral2

darkcometjonasdiscoverypersistencerattrojan