darkcomet | 56011c92e0aaf71dbb315143427a71dcd52b19675bcc11267032e78edb593038 | Triage

Sharing

General

Target

JaffaCakes118_3fe4f1f763bcb9c52a47ce5052fadf59
Size

784KB
Sample

250302-nfct9atlx8
MD5

3fe4f1f763bcb9c52a47ce5052fadf59
SHA1

34250f56ef2ee28ec4e3f1b409ef5132e4adfa38
SHA256

56011c92e0aaf71dbb315143427a71dcd52b19675bcc11267032e78edb593038
SHA512

a892bb0e03c4503fcd45a6b0618d65b1d141346aa02b9a9aa215b5d147b181dfdd5114e376ee7d97e0f4d8dcc51d39edf5642c86c702095993e35e328895bcda
SSDEEP

24576:MnVVE5IF4QHlu+UUjv87F4n5jaALwsp4vIUGExGbGej3:Q8IF4QFxI7SswwjrGExGbGej

Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
.RVdADsC$V7E
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_3fe4f1f763bcb9c52a47ce5052fadf59
- Size
  
  784KB
- MD5
  
  3fe4f1f763bcb9c52a47ce5052fadf59
- SHA1
  
  34250f56ef2ee28ec4e3f1b409ef5132e4adfa38
- SHA256
  
  56011c92e0aaf71dbb315143427a71dcd52b19675bcc11267032e78edb593038
- SHA512
  
  a892bb0e03c4503fcd45a6b0618d65b1d141346aa02b9a9aa215b5d147b181dfdd5114e376ee7d97e0f4d8dcc51d39edf5642c86c702095993e35e328895bcda
- SSDEEP
  
  24576:MnVVE5IF4QHlu+UUjv87F4n5jaALwsp4vIUGExGbGej3:Q8IF4QFxI7SswwjrGExGbGej
Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16defense_evasiondiscoveryrattrojan

behavioral2

darkcometguest16defense_evasiondiscoveryrattrojan