darkcomet | 2b2c9151014721c42043f00b0f759cad0897754446d76fb6f2e210f20addeee0 | Triage

Sharing

General

Target

JaffaCakes118_96e2e2affdf725d28ceb233ef79c6c68
Size

782KB
Sample

250329-ys45dayxgv
MD5

96e2e2affdf725d28ceb233ef79c6c68
SHA1

ae3d0dbe152eab9b4c3d6e408dec4f8e33d3cf31
SHA256

2b2c9151014721c42043f00b0f759cad0897754446d76fb6f2e210f20addeee0
SHA512

1a3fa68c2067d2e97b64f2e3102c3292976d42cfe140d6c4b0079f14d965041afabccea56bcae6a8f715349ab470498041267701c5ecbd6097d692ba043c6dfb
SSDEEP

24576:OnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JJfpKPP:EELbVMTrOq4YP

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

hacker4life.no-ip.biz:81

Mutex

DC_MUTEX-CDQB6J1

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
5uRoRoJkYqeL
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

rc4.plain

Targets

- Target
  
  JaffaCakes118_96e2e2affdf725d28ceb233ef79c6c68
- Size
  
  782KB
- MD5
  
  96e2e2affdf725d28ceb233ef79c6c68
- SHA1
  
  ae3d0dbe152eab9b4c3d6e408dec4f8e33d3cf31
- SHA256
  
  2b2c9151014721c42043f00b0f759cad0897754446d76fb6f2e210f20addeee0
- SHA512
  
  1a3fa68c2067d2e97b64f2e3102c3292976d42cfe140d6c4b0079f14d965041afabccea56bcae6a8f715349ab470498041267701c5ecbd6097d692ba043c6dfb
- SSDEEP
  
  24576:OnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JJfpKPP:EELbVMTrOq4YP
Score

10^/10

discovery darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

behavioral2

darkcometguest16discoverypersistencerattrojan