darkcomet | 13189cbd25fa0734030af69d72f0d13552b4d491d2ce7a837da3a16c5ed1ef50 | Triage

Sharing

General

Target

JaffaCakes118_396698daa84449bbf7cf77515a9873f0
Size

513KB
Sample

250301-q8z7cstjv7
MD5

396698daa84449bbf7cf77515a9873f0
SHA1

98ef481cad067560a6719b3dab9833534e56902c
SHA256

13189cbd25fa0734030af69d72f0d13552b4d491d2ce7a837da3a16c5ed1ef50
SHA512

3c864ebb260a47d012ce355a880f02decd402fe21f6c6ea633805133ee4317ad3e321f5a96bba30a14ed4ed266dbd5520f75958e4b03ba8b24d396090bd23042
SSDEEP

12288:UL8z6x5Pfz0GNTK7KgdEy1/kgfLeTHeVZmf:io6xVDNuugdB/2LeVEf

Score

10^/10

darkcomet 0603 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

0603

C2

khazar.no-ip.biz:1337

Mutex

DC_MUTEX-8K2N9U2

Attributes

gencode
AkHwCWWgNKJd
install
false
offline_keylogger
true
password
ybkds3nz3gwt
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_396698daa84449bbf7cf77515a9873f0
- Size
  
  513KB
- MD5
  
  396698daa84449bbf7cf77515a9873f0
- SHA1
  
  98ef481cad067560a6719b3dab9833534e56902c
- SHA256
  
  13189cbd25fa0734030af69d72f0d13552b4d491d2ce7a837da3a16c5ed1ef50
- SHA512
  
  3c864ebb260a47d012ce355a880f02decd402fe21f6c6ea633805133ee4317ad3e321f5a96bba30a14ed4ed266dbd5520f75958e4b03ba8b24d396090bd23042
- SSDEEP
  
  12288:UL8z6x5Pfz0GNTK7KgdEy1/kgfLeTHeVZmf:io6xVDNuugdB/2LeVEf
Score

10^/10

darkcomet 0603 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomet0603discoverypersistencerattrojan

behavioral2

darkcomet0603discoverypersistencerattrojan