darkcomet | 8f671bd0b76e4386233b6ce6f6835b3d91c37b78cba0e82c8926fb64b8bdd02e | Triage

Sharing

General

Target

JaffaCakes118_84d68ba099bf7d81396670964a1bd7b7
Size

733KB
Sample

250321-1g342svjs6
MD5

84d68ba099bf7d81396670964a1bd7b7
SHA1

29bb85f5027b374c37dc479b7e4517de7ffd8bb7
SHA256

8f671bd0b76e4386233b6ce6f6835b3d91c37b78cba0e82c8926fb64b8bdd02e
SHA512

72b84177442cd34d0ed037401526996399344b1c60e23e94e9194026c6a827bbba008cb4fd8c7ecc66986f8693786c449df4ac939cb5becbfc3797aa2e6b479b
SSDEEP

12288:rpwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/:dwAcu99lPzvxP+Bsz2XjWTRMQckkIXn

Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-2AD3ANP

Attributes

gencode
dSZ%/RV-Q62j
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_84d68ba099bf7d81396670964a1bd7b7
- Size
  
  733KB
- MD5
  
  84d68ba099bf7d81396670964a1bd7b7
- SHA1
  
  29bb85f5027b374c37dc479b7e4517de7ffd8bb7
- SHA256
  
  8f671bd0b76e4386233b6ce6f6835b3d91c37b78cba0e82c8926fb64b8bdd02e
- SHA512
  
  72b84177442cd34d0ed037401526996399344b1c60e23e94e9194026c6a827bbba008cb4fd8c7ecc66986f8693786c449df4ac939cb5becbfc3797aa2e6b479b
- SSDEEP
  
  12288:rpwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/:dwAcu99lPzvxP+Bsz2XjWTRMQckkIXn
Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  defense_evasion
- Modifies security service
  defense_evasion
- Windows security bypass
  defense_evasion trojan
- Disables RegEdit via registry modification
  defense_evasion
- Disables Task Manager via registry modification
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Windows security modification
  defense_evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16defense_evasiondiscoveryrattrojan

behavioral2

darkcometguest16defense_evasiondiscoveryrattrojan