darkcomet | 49b4b9c30d919d1ecf4f901b55fe8919543b2ac772bd3c392bdbbd925782d350 | Triage

Sharing

General

Target

JaffaCakes118_9084424159e638db3a727adc8c382a3a
Size

1.0MB
Sample

250329-wtvk8aym19
MD5

9084424159e638db3a727adc8c382a3a
SHA1

dda3efb1bb6317d8e01cf449ef925238ed7661e8
SHA256

49b4b9c30d919d1ecf4f901b55fe8919543b2ac772bd3c392bdbbd925782d350
SHA512

281e9f430d7268a225c6615129185a342033666fbf6a8f6977afd9039c49bae8e9201081897ddd694279c901cac2d79430e95f65a0eb314ce0b7b71676790f4c
SSDEEP

24576:b11zIys+b2LikSnBPohHC6ND8CM/fkDmTeOt8JV:/fsBSnkC6a/cKTeL

Score

10^/10

darkcomet evo9 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

evo9

C2

benzin.no-ip.biz:101

Mutex

DC_MUTEX-67Y778R

Attributes

gencode
7jY�m7/C145k
install
false
offline_keylogger
true
password
1111
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_9084424159e638db3a727adc8c382a3a
- Size
  
  1.0MB
- MD5
  
  9084424159e638db3a727adc8c382a3a
- SHA1
  
  dda3efb1bb6317d8e01cf449ef925238ed7661e8
- SHA256
  
  49b4b9c30d919d1ecf4f901b55fe8919543b2ac772bd3c392bdbbd925782d350
- SHA512
  
  281e9f430d7268a225c6615129185a342033666fbf6a8f6977afd9039c49bae8e9201081897ddd694279c901cac2d79430e95f65a0eb314ce0b7b71676790f4c
- SSDEEP
  
  24576:b11zIys+b2LikSnBPohHC6ND8CM/fkDmTeOt8JV:/fsBSnkC6a/cKTeL
Score

10^/10

discovery darkcomet evo9 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkcometevo9discoverypersistencerattrojan