darkcomet | 21862f20df507bcece9fdb0e697acefd086a63c0e4fb43016acf01ef72d8d1c1 | Triage

Sharing

General

Target

JaffaCakes118_924fbcbd59c17edda2beb2c3cb6b4984
Size

662KB
Sample

250329-xbhpdavnz2
MD5

924fbcbd59c17edda2beb2c3cb6b4984
SHA1

802fcab3a7296b5300cba4a32a1d5d4fb15e4ebb
SHA256

21862f20df507bcece9fdb0e697acefd086a63c0e4fb43016acf01ef72d8d1c1
SHA512

13ef8d694e10d704d515f6ba3ce3aa9d4578a5951369839a7e64de5605337b40c11e99847ac413e5d6278d47a1b321ca41a75245cf5457eee574e99989ace9b4
SSDEEP

12288:M3OpvNW4a76S/Ddon/m09bbYlIaaMcE2YGhq3vo1RnfAvIESJgoE26yc/Rc:aOA4aWNn/m09fKIaaBEtWq3A1Ov8JgbO

Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

pacemaker.no-ip.biz:1258

pacemaker.no-ip.biz:82

192.168.1.101:82

192.168.1.101:1258

Mutex

DC_MUTEX-FGWXJRC

Attributes

gencode
oUu0C51dRXvo
install
false
offline_keylogger
true
password
illuminati
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_924fbcbd59c17edda2beb2c3cb6b4984
- Size
  
  662KB
- MD5
  
  924fbcbd59c17edda2beb2c3cb6b4984
- SHA1
  
  802fcab3a7296b5300cba4a32a1d5d4fb15e4ebb
- SHA256
  
  21862f20df507bcece9fdb0e697acefd086a63c0e4fb43016acf01ef72d8d1c1
- SHA512
  
  13ef8d694e10d704d515f6ba3ce3aa9d4578a5951369839a7e64de5605337b40c11e99847ac413e5d6278d47a1b321ca41a75245cf5457eee574e99989ace9b4
- SSDEEP
  
  12288:M3OpvNW4a76S/Ddon/m09bbYlIaaMcE2YGhq3vo1RnfAvIESJgoE26yc/Rc:aOA4aWNn/m09fKIaaBEtWq3A1Ov8JgbO
Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16defense_evasiondiscoveryrattrojan

behavioral2

darkcometguest16defense_evasiondiscoveryrattrojan