darkcomet | 6d481b29bc81dc85cbe5ba4a8b82224d1b3dc0b8dadb012f5f92f4c8e4a14db6 | Triage

Sharing

General

Target

JaffaCakes118_c0295404b7677140fb0a140dd0aca4e2
Size

1.0MB
Sample

250418-2282gazry4
MD5

c0295404b7677140fb0a140dd0aca4e2
SHA1

d9335d5d88d9c310e1457142c3b6f0a3d0a91819
SHA256

6d481b29bc81dc85cbe5ba4a8b82224d1b3dc0b8dadb012f5f92f4c8e4a14db6
SHA512

38c6f47249622019d129eef71bc38f981532c921044f3e00c440315a1536813efabd3d1adeba10856004b8b0622ec63cec16cfae068bcf306310b967aac0a7c4
SSDEEP

12288:hJJPMPW54G8MRdYXRYgse02EC50RHZm9dGvF1Q7ylaX57R6BhkdPM2K3Dg4WHOuN:Hxe04IeYq1EZJ9B+t5hLc3tZ2j

Score

10^/10

darkcomet guest16 discovery persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

ccepic.no-ip.org:1225

Mutex

DC_MUTEX-MZ4A53Z

Attributes

gencode
GcDN=yut6eFK
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_c0295404b7677140fb0a140dd0aca4e2
- Size
  
  1.0MB
- MD5
  
  c0295404b7677140fb0a140dd0aca4e2
- SHA1
  
  d9335d5d88d9c310e1457142c3b6f0a3d0a91819
- SHA256
  
  6d481b29bc81dc85cbe5ba4a8b82224d1b3dc0b8dadb012f5f92f4c8e4a14db6
- SHA512
  
  38c6f47249622019d129eef71bc38f981532c921044f3e00c440315a1536813efabd3d1adeba10856004b8b0622ec63cec16cfae068bcf306310b967aac0a7c4
- SSDEEP
  
  12288:hJJPMPW54G8MRdYXRYgse02EC50RHZm9dGvF1Q7ylaX57R6BhkdPM2K3Dg4WHOuN:Hxe04IeYq1EZJ9B+t5hLc3tZ2j
Score

10^/10

darkcomet guest16 discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoverypersistencerattrojan

behavioral2

darkcometguest16discoverypersistencerattrojan