darkcomet | de482bd15580821be38c7fbf54d9bde1a99479878df4a778f2d560a6d0a04d36 | Triage

Sharing

General

Target

JaffaCakes118_c28d23bbece8597dcb052de30f58a2a1
Size

700KB
Sample

250419-nsd8vavthx
MD5

c28d23bbece8597dcb052de30f58a2a1
SHA1

95fe965c5c46d9d75a8631fe474501ccad65bd03
SHA256

de482bd15580821be38c7fbf54d9bde1a99479878df4a778f2d560a6d0a04d36
SHA512

44104fdc4b89ba0fed05d1f43ea1ec7a699217fcc6eb29145758aa0f09ede68c602b2de214fcf4784e3a6eaba99e9f47c699131642596899953aecd0e3cb7c39
SSDEEP

12288:B/aUwA5yqYWvm0q6M9MXgTQUwZuVn7Yj+DV/4cudsb+5rGL:HDYgm0qAAQ3ZI8uB4cudJ5iL

Score

10^/10

darkcomet first defense_evasion discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

First

C2

tantonacci.no-ip.org:1604

Mutex

DC_MUTEX-0TU1E1M

Attributes

gencode
mPX5dWryJH#R
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_c28d23bbece8597dcb052de30f58a2a1
- Size
  
  700KB
- MD5
  
  c28d23bbece8597dcb052de30f58a2a1
- SHA1
  
  95fe965c5c46d9d75a8631fe474501ccad65bd03
- SHA256
  
  de482bd15580821be38c7fbf54d9bde1a99479878df4a778f2d560a6d0a04d36
- SHA512
  
  44104fdc4b89ba0fed05d1f43ea1ec7a699217fcc6eb29145758aa0f09ede68c602b2de214fcf4784e3a6eaba99e9f47c699131642596899953aecd0e3cb7c39
- SSDEEP
  
  12288:B/aUwA5yqYWvm0q6M9MXgTQUwZuVn7Yj+DV/4cudsb+5rGL:HDYgm0qAAQ3ZI8uB4cudJ5iL
Score

10^/10

darkcomet first defense_evasion discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies security service
  defense_evasion
- Windows security bypass
  defense_evasion trojan
- Disables RegEdit via registry modification
  defense_evasion
- Disables Task Manager via registry modification
  defense_evasion
- Executes dropped EXE
- Windows security modification
  defense_evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometfirstdefense_evasiondiscoveryrattrojan

behavioral2

darkcometfirstdefense_evasiondiscoveryrattrojan