darkcomet | 7c050d74c518faf792bcc42bd35ced64d6c3c0b7d5889e0dd0874cb919881870 | Triage

Sharing

General

Target

JaffaCakes118_badce2582b284b0e75699c26fd744032
Size

724KB
Sample

250417-yc3avaslw9
MD5

badce2582b284b0e75699c26fd744032
SHA1

17e3b99427a46e8377e316b92ec54502fe304ff2
SHA256

7c050d74c518faf792bcc42bd35ced64d6c3c0b7d5889e0dd0874cb919881870
SHA512

d13a4b4cfa244ed57b9299a88915e91dde415dd506c04852ba5b800b06e5e8620ef2f5af1587e7b4a87444f63d008d869041aac997014f88153af6d0c846c2ca
SSDEEP

12288:V5Xb1dn5NZV/wVP+ij7ehd4sn5XMZ+8PaD6VN2dDX9bcV7+iW04J2RrDyr3G3:7/5NZVcPtGMo8ZnaD6VNEXkSdZJ2R3yj

Score

10^/10

darkcomet lucas slave discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Lucas Slave

C2

servercontrol.no-ip.org:1396

Mutex

DC_MUTEX-JUF1SWT

Attributes

gencode
lB5XGx$#R�#X
install
false
offline_keylogger
false
password
0123456789876543210
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_badce2582b284b0e75699c26fd744032
- Size
  
  724KB
- MD5
  
  badce2582b284b0e75699c26fd744032
- SHA1
  
  17e3b99427a46e8377e316b92ec54502fe304ff2
- SHA256
  
  7c050d74c518faf792bcc42bd35ced64d6c3c0b7d5889e0dd0874cb919881870
- SHA512
  
  d13a4b4cfa244ed57b9299a88915e91dde415dd506c04852ba5b800b06e5e8620ef2f5af1587e7b4a87444f63d008d869041aac997014f88153af6d0c846c2ca
- SSDEEP
  
  12288:V5Xb1dn5NZV/wVP+ij7ehd4sn5XMZ+8PaD6VN2dDX9bcV7+iW04J2RrDyr3G3:7/5NZVcPtGMo8ZnaD6VNEXkSdZJ2R3yj
Score

10^/10

darkcomet lucas slave discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlucas slavediscoveryrattrojan

behavioral2

darkcometlucas slavediscoveryrattrojan