darkcomet | bb4ebcc2156afcee566265e51df4ae6d26342a0c31b0491354fb282e99134e65 | Triage

Sharing

General

Target

JaffaCakes118_2807eb98bb13a491b5d1ae61fb0cdff0
Size

468KB
Sample

250226-xzd14aztds
MD5

2807eb98bb13a491b5d1ae61fb0cdff0
SHA1

a346a5c0561c5ab1699b169e39dcaff626a6f780
SHA256

bb4ebcc2156afcee566265e51df4ae6d26342a0c31b0491354fb282e99134e65
SHA512

015be877b42d48781391895f6a14c347dbe1153077d3724f78c663216c447a86d5934b19f37d826ad01e0277f373dcfde727654f51710a43d0625e5a93bb35e5
SSDEEP

12288:3gyve4+ok4zKn7/goRZnf3NaZqbvhzl4BQ:9vev4un7/NDfsahzlsQ

Score

10^/10

darkcomet victim discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Victim

C2

subjection.no-ip.biz:1604

Mutex

DC_MUTEX-JMU2WJ5

Attributes

gencode
ivqpgFy*yGPK
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_2807eb98bb13a491b5d1ae61fb0cdff0
- Size
  
  468KB
- MD5
  
  2807eb98bb13a491b5d1ae61fb0cdff0
- SHA1
  
  a346a5c0561c5ab1699b169e39dcaff626a6f780
- SHA256
  
  bb4ebcc2156afcee566265e51df4ae6d26342a0c31b0491354fb282e99134e65
- SHA512
  
  015be877b42d48781391895f6a14c347dbe1153077d3724f78c663216c447a86d5934b19f37d826ad01e0277f373dcfde727654f51710a43d0625e5a93bb35e5
- SSDEEP
  
  12288:3gyve4+ok4zKn7/goRZnf3NaZqbvhzl4BQ:9vev4un7/NDfsahzlsQ
Score

10^/10

darkcomet victim discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometvictimdiscoverypersistencerattrojan

behavioral2

darkcometvictimdiscoverypersistencerattrojan