darkcomet | 10adb514186b36e74a909a5d6c4c95992e597a1d68b1d7f5337032d308697d24 | Triage

Sharing

General

Target

JaffaCakes118_21d8d4727b84ea265a897a7d42685631
Size

1.4MB
Sample

250225-cawvdstrt6
MD5

21d8d4727b84ea265a897a7d42685631
SHA1

c2e81d40109e814174632e7dc563096ea25e5976
SHA256

10adb514186b36e74a909a5d6c4c95992e597a1d68b1d7f5337032d308697d24
SHA512

05b7a439353d4f78ba475510ff1c548515e8236401b537bf44ef14ec730ee66051c3061c3bf0bc14d7487a4597f1297e66dd41cbc742e483d720e7a77c2ba94b
SSDEEP

24576:t6yty/kYUDyu/lFCHC2SxjlmfxoxkiK83MI6Ab3v+qhBnxLm/J1:3QkYYy4e+62kiHWq/xL

Score

10^/10

darkcomet test niggers discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

test niggers

C2

96.241.226.104 :1604

Mutex

DC_MUTEX-YGHTGDN

Attributes

gencode
K�zrm�7w9/fR
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_21d8d4727b84ea265a897a7d42685631
- Size
  
  1.4MB
- MD5
  
  21d8d4727b84ea265a897a7d42685631
- SHA1
  
  c2e81d40109e814174632e7dc563096ea25e5976
- SHA256
  
  10adb514186b36e74a909a5d6c4c95992e597a1d68b1d7f5337032d308697d24
- SHA512
  
  05b7a439353d4f78ba475510ff1c548515e8236401b537bf44ef14ec730ee66051c3061c3bf0bc14d7487a4597f1297e66dd41cbc742e483d720e7a77c2ba94b
- SSDEEP
  
  24576:t6yty/kYUDyu/lFCHC2SxjlmfxoxkiK83MI6Ab3v+qhBnxLm/J1:3QkYYy4e+62kiHWq/xL
Score

10^/10

darkcomet test niggers discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomettest niggersdiscoverypersistencerattrojan

behavioral2

darkcomettest niggersdiscoverypersistencerattrojan