darkcomet | 5e4c596fc043671c97a3dd9b8c52e577df180ccfcb43c6b4832b866fd4bc25d8 | Triage

Sharing

General

Target

JaffaCakes118_93869c018a3ede86220ff1f99340b5e1
Size

550KB
Sample

250329-xpwhdsxxbw
MD5

93869c018a3ede86220ff1f99340b5e1
SHA1

046cae802afe26f8b52ad5c26bf7b585b7fed288
SHA256

5e4c596fc043671c97a3dd9b8c52e577df180ccfcb43c6b4832b866fd4bc25d8
SHA512

7689b950d1fc92fe79913cbd97f8dae5c8c09feb9f548cb5712a1b9e73ab8dd59a22337f9f29cc45f7910ee7e19086714e2c0ad5bc31578e7fe4c70241ed0de2
SSDEEP

12288:5HUJ4HzMCu3TZHXsHPvGuFNosu1FV9Za9WbSOAp69w:50JuRujtChos0SPp6a

Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

86.120.144.30:1604

Mutex

DC_MUTEX-CU201X0

Attributes

gencode
E4J3J=HuBX8S
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_93869c018a3ede86220ff1f99340b5e1
- Size
  
  550KB
- MD5
  
  93869c018a3ede86220ff1f99340b5e1
- SHA1
  
  046cae802afe26f8b52ad5c26bf7b585b7fed288
- SHA256
  
  5e4c596fc043671c97a3dd9b8c52e577df180ccfcb43c6b4832b866fd4bc25d8
- SHA512
  
  7689b950d1fc92fe79913cbd97f8dae5c8c09feb9f548cb5712a1b9e73ab8dd59a22337f9f29cc45f7910ee7e19086714e2c0ad5bc31578e7fe4c70241ed0de2
- SSDEEP
  
  12288:5HUJ4HzMCu3TZHXsHPvGuFNosu1FV9Za9WbSOAp69w:50JuRujtChos0SPp6a
Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  defense_evasion
- Modifies security service
  defense_evasion
- Windows security bypass
  defense_evasion trojan
- Disables RegEdit via registry modification
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Windows security modification
  defense_evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16defense_evasiondiscoveryrattrojan

behavioral2

darkcometguest16defense_evasiondiscoveryrattrojan