darkcomet | e311072e1036e0a7ccea16ee7ee255a5501fb6d03857688542993652ed212f6e | Triage

Sharing

General

Target

JaffaCakes118_b54f50b6baeb2691198955e8137cb6fa
Size

666KB
Sample

250413-v7xgaszp12
MD5

b54f50b6baeb2691198955e8137cb6fa
SHA1

86ce950cec9ea72eaa396f728337911477ed1e35
SHA256

e311072e1036e0a7ccea16ee7ee255a5501fb6d03857688542993652ed212f6e
SHA512

3df54831249539c7de9cf3e1731f3fa58a07eef20ad1fc94e6e959e5487edad8dc39b88efbb5a592f91bee1b342316320e7dba53bb67bc6975354970cb14a298
SSDEEP

12288:x4BheAXzxMOz45UyTPsY4U7yIfTcTEE0j4e1sU0XkbiV/SJDSL:x6heWzCy/yAYhyIYTEE0jzd0XkuV/S9W

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

sir999.no-ip.org:1919

Mutex

DC_MUTEX-UD7GKL4

Attributes

InstallPath
Windupdt\winupdaten.exe
gencode
6�-71zNfc0gr
install
true
offline_keylogger
false
password
nova0000
persistence
false
reg_key
winupdaten

rc4.plain

Targets

- Target
  
  JaffaCakes118_b54f50b6baeb2691198955e8137cb6fa
- Size
  
  666KB
- MD5
  
  b54f50b6baeb2691198955e8137cb6fa
- SHA1
  
  86ce950cec9ea72eaa396f728337911477ed1e35
- SHA256
  
  e311072e1036e0a7ccea16ee7ee255a5501fb6d03857688542993652ed212f6e
- SHA512
  
  3df54831249539c7de9cf3e1731f3fa58a07eef20ad1fc94e6e959e5487edad8dc39b88efbb5a592f91bee1b342316320e7dba53bb67bc6975354970cb14a298
- SSDEEP
  
  12288:x4BheAXzxMOz45UyTPsY4U7yIfTcTEE0j4e1sU0XkbiV/SJDSL:x6heWzCy/yAYhyIYTEE0jzd0XkuV/S9W
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan