darkcomet | 2094c761cc993cf267b51d24db7249a520c475336a5ea980fc2db70214a614c9 | Triage

Sharing

General

Target

JaffaCakes118_2d1ddd5d6bde84b1da22df5c40171a81
Size

561KB
Sample

250227-n92epswwhw
MD5

2d1ddd5d6bde84b1da22df5c40171a81
SHA1

ec456e374d55bbe82e5c1282404c0d48c68fe359
SHA256

2094c761cc993cf267b51d24db7249a520c475336a5ea980fc2db70214a614c9
SHA512

40f904196e4fd5d30ee6b116dba327bb22c143c3659cd74e0b522f6316011d297f132dfe93515cdeb48e3d5b2e7e06721950feb8142a042cc79b933b6fafa2fd
SSDEEP

12288:3LoRy90QIxmPHOsfYtMHwVyM0dpRYt+A12:cy3/PHYaHwVyhJ82

Score

10^/10

darkcomet k123 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

K123

C2

192.168.1.3:500

192.168.1.3:123

192.168.1.3:139

192.168.1.3:80

Mutex

DC_MUTEX-XXGD012

Attributes

gencode
*h6UE+Z/qNTu
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_2d1ddd5d6bde84b1da22df5c40171a81
- Size
  
  561KB
- MD5
  
  2d1ddd5d6bde84b1da22df5c40171a81
- SHA1
  
  ec456e374d55bbe82e5c1282404c0d48c68fe359
- SHA256
  
  2094c761cc993cf267b51d24db7249a520c475336a5ea980fc2db70214a614c9
- SHA512
  
  40f904196e4fd5d30ee6b116dba327bb22c143c3659cd74e0b522f6316011d297f132dfe93515cdeb48e3d5b2e7e06721950feb8142a042cc79b933b6fafa2fd
- SSDEEP
  
  12288:3LoRy90QIxmPHOsfYtMHwVyM0dpRYt+A12:cy3/PHYaHwVyhJ82
Score

10^/10

darkcomet k123 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometk123discoverypersistencerattrojan

behavioral2

darkcometk123discoverypersistencerattrojan