darkcomet | 4156ee12ea6a1563cd91f1488de7e42e3e213acd645127dac170787bf079b946 | Triage

Sharing

General

Target

JaffaCakes118_24bd9cd82fbc91f0e8c1bc0eefbf0944
Size

1.3MB
Sample

250226-kjrwsssky9
MD5

24bd9cd82fbc91f0e8c1bc0eefbf0944
SHA1

e20be8c9bfe693e9e7edaeafcf8dbbbf821c2979
SHA256

4156ee12ea6a1563cd91f1488de7e42e3e213acd645127dac170787bf079b946
SHA512

c47a7bd80938e7359b4ed84aa02fc20c1f87d5fbeffd4d51189fe09393785efe9052fdbe834b6f78a398df703edec94b872f24065fcfff3ef7399d315589ff5a
SSDEEP

24576:Hhqk/8O55m4/bK4XuNGLBGAxBFuRm5zxlpUey0gf58Cnu/+KI5fwHko1tK/FIIbL:Hhqk/T55m4+Lams5ILDskorKWw

Score

10^/10

darkcomet guest1 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest1

C2

19484.no-ip.biz:1604

Mutex

DC_MUTEX-Y676WZN

Attributes

gencode
hKrpcAheNmZt
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_24bd9cd82fbc91f0e8c1bc0eefbf0944
- Size
  
  1.3MB
- MD5
  
  24bd9cd82fbc91f0e8c1bc0eefbf0944
- SHA1
  
  e20be8c9bfe693e9e7edaeafcf8dbbbf821c2979
- SHA256
  
  4156ee12ea6a1563cd91f1488de7e42e3e213acd645127dac170787bf079b946
- SHA512
  
  c47a7bd80938e7359b4ed84aa02fc20c1f87d5fbeffd4d51189fe09393785efe9052fdbe834b6f78a398df703edec94b872f24065fcfff3ef7399d315589ff5a
- SSDEEP
  
  24576:Hhqk/8O55m4/bK4XuNGLBGAxBFuRm5zxlpUey0gf58Cnu/+KI5fwHko1tK/FIIbL:Hhqk/T55m4+Lams5ILDskorKWw
Score

10^/10

darkcomet guest1 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest1discoverypersistencerattrojan

behavioral2

darkcometguest1discoverypersistencerattrojan