darkcomet | 9c790e52f85186e54147c1bc6dd5aa324107979d88f482b26514dcb3a280dd68 | Triage

Sharing

General

Target

JaffaCakes118_988f08c71b487bb22b9228638056f698
Size

1.4MB
Sample

250330-mr1vsayry8
MD5

988f08c71b487bb22b9228638056f698
SHA1

34d6fa78c457f0a65ec6cb889101b0566ea4303c
SHA256

9c790e52f85186e54147c1bc6dd5aa324107979d88f482b26514dcb3a280dd68
SHA512

68610dd0331714477c1a90b680b40ba0d0c09c595360da14a8a86c568cb1e19a02e2eeaeb90f544c9c9fd262d05a9344a5fcd9080a9d2f67a6cb121a59d5d604
SSDEEP

24576:rs/yLn3xnI9bO7pus5DGd3T1cKvJwIUclPuZg1It9xAwl8reoApx5:IKLlGbGJydD1QMCgO9N

Score

10^/10

darkcomet living room pc discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Living Room PC

C2

192.168.1.106:1604

Mutex

DC_MUTEX-6GSK0WX

Attributes

InstallPath
DarkComet Server\DarkComet Server.exe
gencode
8YY5R9UWixVK
install
true
offline_keylogger
true
persistence
true
reg_key
DarkComet Server

rc4.plain

Targets

- Target
  
  JaffaCakes118_988f08c71b487bb22b9228638056f698
- Size
  
  1.4MB
- MD5
  
  988f08c71b487bb22b9228638056f698
- SHA1
  
  34d6fa78c457f0a65ec6cb889101b0566ea4303c
- SHA256
  
  9c790e52f85186e54147c1bc6dd5aa324107979d88f482b26514dcb3a280dd68
- SHA512
  
  68610dd0331714477c1a90b680b40ba0d0c09c595360da14a8a86c568cb1e19a02e2eeaeb90f544c9c9fd262d05a9344a5fcd9080a9d2f67a6cb121a59d5d604
- SSDEEP
  
  24576:rs/yLn3xnI9bO7pus5DGd3T1cKvJwIUclPuZg1It9xAwl8reoApx5:IKLlGbGJydD1QMCgO9N
Score

10^/10

darkcomet living room pc discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkcometliving room pcdiscoverypersistencerattrojan