darkcomet | 4030d0a18b64320b4a493afefa4772f172e8f654e2960f864e39724d8ca2b661 | Triage

Sharing

General

Target

JaffaCakes118_92e190d4b47da1654778468a6ab62611
Size

1.3MB
Sample

250329-xg2pfaxkw3
MD5

92e190d4b47da1654778468a6ab62611
SHA1

99a796681125b911cdf553cb92287fb019a138b0
SHA256

4030d0a18b64320b4a493afefa4772f172e8f654e2960f864e39724d8ca2b661
SHA512

05e7c60f06c5e43f21d5b50d2bdde858085e0206fe0e8e9214f3232cdee2b57c9215c8ea493dce15a1a4a2d912193e210c6432b9303c9b555df35ceccd17dd34
SSDEEP

24576:aNc62R6So4c+L7Vx5UZek5mK46eCTLQazuoMavqxvfk:a6wWdoN8K461EV

Score

10^/10

darkcomet victim discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Victim

C2

eelghali.no-ip.biz:100

Mutex

DC_MUTEX-RSUKSVB

Attributes

gencode
Qi6Ae9AkhZlx
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_92e190d4b47da1654778468a6ab62611
- Size
  
  1.3MB
- MD5
  
  92e190d4b47da1654778468a6ab62611
- SHA1
  
  99a796681125b911cdf553cb92287fb019a138b0
- SHA256
  
  4030d0a18b64320b4a493afefa4772f172e8f654e2960f864e39724d8ca2b661
- SHA512
  
  05e7c60f06c5e43f21d5b50d2bdde858085e0206fe0e8e9214f3232cdee2b57c9215c8ea493dce15a1a4a2d912193e210c6432b9303c9b555df35ceccd17dd34
- SSDEEP
  
  24576:aNc62R6So4c+L7Vx5UZek5mK46eCTLQazuoMavqxvfk:a6wWdoN8K461EV
Score

10^/10

darkcomet victim discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometvictimdiscoverypersistencerattrojan

behavioral2

darkcometvictimdiscoverypersistencerattrojan