darkcomet | cd645e98bf8c2597668c9ea6ff53e2dc1eb998231ccc609ba2af9a0a3ebffad0 | Triage

Sharing

General

Target

JaffaCakes118_8833645a44f45ba3dd4eaa80c50cf61b
Size

975KB
Sample

250323-2c73wasly9
MD5

8833645a44f45ba3dd4eaa80c50cf61b
SHA1

596a1799f0102fc25b188bde8066cf96b61c6bfb
SHA256

cd645e98bf8c2597668c9ea6ff53e2dc1eb998231ccc609ba2af9a0a3ebffad0
SHA512

f32fe5035f5be1afca87222b05f524d11ab7ea0099291f33348e5a7da21227b4b43e68915b9e45a7d1000197b8637ed9623d0d21a03b893c913985552395f6e2
SSDEEP

12288:NPSDah2JhU3N0mBcEe78NjwMcRTtkqi98zmXY653/U4bfi4wkV702K2a8UlOr+p4:Jg0eyBBhRkTtr5MVPUEwkC2KV8Uu

Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

79.180.167.177:80

Mutex

DC_MUTEX-XZ7JRQ8

Attributes

gencode
N5Dor0sTyaMT
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_8833645a44f45ba3dd4eaa80c50cf61b
- Size
  
  975KB
- MD5
  
  8833645a44f45ba3dd4eaa80c50cf61b
- SHA1
  
  596a1799f0102fc25b188bde8066cf96b61c6bfb
- SHA256
  
  cd645e98bf8c2597668c9ea6ff53e2dc1eb998231ccc609ba2af9a0a3ebffad0
- SHA512
  
  f32fe5035f5be1afca87222b05f524d11ab7ea0099291f33348e5a7da21227b4b43e68915b9e45a7d1000197b8637ed9623d0d21a03b893c913985552395f6e2
- SSDEEP
  
  12288:NPSDah2JhU3N0mBcEe78NjwMcRTtkqi98zmXY653/U4bfi4wkV702K2a8UlOr+p4:Jg0eyBBhRkTtr5MVPUEwkC2KV8Uu
Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16defense_evasiondiscoveryrattrojan

behavioral2

darkcometguest16defense_evasiondiscoveryrattrojan