darkcomet | bf9e49eaecc0dd3028a01ed883419c9c939f9f2e63f94453b7dd4829f7d95e66 | Triage

Sharing

General

Target

JaffaCakes118_b43ba85a03bf4335d1d3909c8efa173a
Size

1.2MB
Sample

250413-ljpxwatsez
MD5

b43ba85a03bf4335d1d3909c8efa173a
SHA1

dfa4d47a3adf9327b7a7bc31218a2b71cb1dcc5d
SHA256

bf9e49eaecc0dd3028a01ed883419c9c939f9f2e63f94453b7dd4829f7d95e66
SHA512

ee27aa6899dcafbc4498cda3daa415338c5261e353ae67c1083e37356ff1735e6bca41818cf1a5fbba05867168cd92876da43a17d5197c02a48baaad255db296
SSDEEP

24576:LESXV0YFkxerjdJ6dqOuSxqMuv4ktUIvTfZbnDfS0mTBypPEIRDL:BF0Y6xerjLUqMqz16kx3K0mTBypcSD

Score

10^/10

darkcomet guest16 defense_evasion discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

hostmee.no-ip.org:1604

Mutex

DC_MUTEX-3WPRR8U

Attributes

gencode
vFVvoYk4wjmc
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_b43ba85a03bf4335d1d3909c8efa173a
- Size
  
  1.2MB
- MD5
  
  b43ba85a03bf4335d1d3909c8efa173a
- SHA1
  
  dfa4d47a3adf9327b7a7bc31218a2b71cb1dcc5d
- SHA256
  
  bf9e49eaecc0dd3028a01ed883419c9c939f9f2e63f94453b7dd4829f7d95e66
- SHA512
  
  ee27aa6899dcafbc4498cda3daa415338c5261e353ae67c1083e37356ff1735e6bca41818cf1a5fbba05867168cd92876da43a17d5197c02a48baaad255db296
- SSDEEP
  
  24576:LESXV0YFkxerjdJ6dqOuSxqMuv4ktUIvTfZbnDfS0mTBypPEIRDL:BF0Y6xerjLUqMqz16kx3K0mTBypcSD
Score

10^/10

darkcomet guest16 defense_evasion discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  defense_evasion
- Modifies security service
  defense_evasion
- Windows security bypass
  defense_evasion trojan
- Executes dropped EXE
- Windows security modification
  defense_evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16defense_evasiondiscoverypersistencerattrojan