darkcomet | 23ff7de42ea09c954f36e8554632547c3365fe821e11bb1eac061e1115ba15d4 | Triage

Sharing

General

Target

JaffaCakes118_7fb215db072c4d8e1a4c03595ae96565
Size

1.1MB
Sample

250319-y4l3yavry5
MD5

7fb215db072c4d8e1a4c03595ae96565
SHA1

799d1ff4580ffdb006f6e22cd65cc06df7bcc56f
SHA256

23ff7de42ea09c954f36e8554632547c3365fe821e11bb1eac061e1115ba15d4
SHA512

751e4fbda1270a5ccdc90eab5a4a85c47ee12f7f6b3a02438eb20f23d87b7f7f55407899f8b422a705e1460ca821a0bf28f5d61bfd02a60abe2ed58878dc4752
SSDEEP

24576:tPGSY91VwNJcFMqTNnmJa4dMyMPy+mfeK15bSlC+3keG0q:1GJyV28KWfecFS9dG0q

Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

myhost20.no-ip.biz:82

Mutex

DC_MUTEX-RCW2VGW

Attributes

gencode
Xrr0dLuwBjSo
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_7fb215db072c4d8e1a4c03595ae96565
- Size
  
  1.1MB
- MD5
  
  7fb215db072c4d8e1a4c03595ae96565
- SHA1
  
  799d1ff4580ffdb006f6e22cd65cc06df7bcc56f
- SHA256
  
  23ff7de42ea09c954f36e8554632547c3365fe821e11bb1eac061e1115ba15d4
- SHA512
  
  751e4fbda1270a5ccdc90eab5a4a85c47ee12f7f6b3a02438eb20f23d87b7f7f55407899f8b422a705e1460ca821a0bf28f5d61bfd02a60abe2ed58878dc4752
- SSDEEP
  
  24576:tPGSY91VwNJcFMqTNnmJa4dMyMPy+mfeK15bSlC+3keG0q:1GJyV28KWfecFS9dG0q
Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  defense_evasion
- Windows security bypass
  defense_evasion trojan
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16defense_evasiondiscoveryrattrojan

behavioral2

darkcometguest16defense_evasiondiscoveryrattrojan