darkcomet | 284e32551c772a3e28c6d0ee0d660f73506f839de74dad456194a9e8c211c0dc | Triage

Sharing

General

Target

JaffaCakes118_72d59f77aa8c7bbf843c8e0003141a83
Size

728KB
Sample

250314-ce2ansywdy
MD5

72d59f77aa8c7bbf843c8e0003141a83
SHA1

c10fbfd523ce525c663b3cf76b5056cabaf705bf
SHA256

284e32551c772a3e28c6d0ee0d660f73506f839de74dad456194a9e8c211c0dc
SHA512

17d7aa721b232cc9c200b57f2506803397b1cd8452b4afa4fa7d40ffa0255b15f7af2206f0b4aae7a13cacd27f1897627bc90bc0c39b5d58aece32bd88c14f91
SSDEEP

12288:D+phd3a9X/NkaWgRBzQOz/AZf8au0/6DDyBtt9WhVRO+kysTvOEMvwrKO2/oOgw7:gd3ENIWhQp8avowttUhVRO+kyefKO2lb

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

eman.no-ip.info:1604

Mutex

DC_MUTEX-F54S21D

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
Z9EGiPSC1Xr4
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_72d59f77aa8c7bbf843c8e0003141a83
- Size
  
  728KB
- MD5
  
  72d59f77aa8c7bbf843c8e0003141a83
- SHA1
  
  c10fbfd523ce525c663b3cf76b5056cabaf705bf
- SHA256
  
  284e32551c772a3e28c6d0ee0d660f73506f839de74dad456194a9e8c211c0dc
- SHA512
  
  17d7aa721b232cc9c200b57f2506803397b1cd8452b4afa4fa7d40ffa0255b15f7af2206f0b4aae7a13cacd27f1897627bc90bc0c39b5d58aece32bd88c14f91
- SSDEEP
  
  12288:D+phd3a9X/NkaWgRBzQOz/AZf8au0/6DDyBtt9WhVRO+kysTvOEMvwrKO2/oOgw7:gd3ENIWhQp8avowttUhVRO+kyefKO2lb
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2