darkcomet | 47a94fe44f874455fa52481bddebdf2a97c2a06e6c255c221c84b13349f9a388 | Triage

Sharing

General

Target

JaffaCakes118_2f0e4b99540c9a2d7c27782917263cb9
Size

1.6MB
Sample

250227-xxyygsxjx5
MD5

2f0e4b99540c9a2d7c27782917263cb9
SHA1

4dcfaa70ce0aebfa1f7e584a520c655b81a0984a
SHA256

47a94fe44f874455fa52481bddebdf2a97c2a06e6c255c221c84b13349f9a388
SHA512

5767966792aff1263fe4da459dc96a3a9c7c86d084e487c5981f8e6d9bb7da271bdf4c1840d73edd1d0d6faf5de2339fb4af06343cfb6354a6d22d6152b339ba
SSDEEP

49152:WJZoQrbTFZY1iaA69z8VY9JPi+Lna0ccE1Ks:WtrbTA1XCoa+7lE1Ks

Score

10^/10

darkcomet uploadnsell discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

UploadNSell

C2

serverfwe0472.no-ip.biz:2316

Mutex

DC_MUTEX-2FPPCFD

Attributes

gencode
28zSWYo51hGF
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_2f0e4b99540c9a2d7c27782917263cb9
- Size
  
  1.6MB
- MD5
  
  2f0e4b99540c9a2d7c27782917263cb9
- SHA1
  
  4dcfaa70ce0aebfa1f7e584a520c655b81a0984a
- SHA256
  
  47a94fe44f874455fa52481bddebdf2a97c2a06e6c255c221c84b13349f9a388
- SHA512
  
  5767966792aff1263fe4da459dc96a3a9c7c86d084e487c5981f8e6d9bb7da271bdf4c1840d73edd1d0d6faf5de2339fb4af06343cfb6354a6d22d6152b339ba
- SSDEEP
  
  49152:WJZoQrbTFZY1iaA69z8VY9JPi+Lna0ccE1Ks:WtrbTA1XCoa+7lE1Ks
Score

10^/10

darkcomet uploadnsell discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometuploadnselldiscoverypersistencerattrojan

behavioral2

darkcometuploadnselldiscoverypersistencerattrojan