darkcomet | 42c50b12f51d8024e8ff95635987c4762de53e13c9751d2309564caa5d3e7ed5 | Triage

Submit
Reports

Overview

overview

Static

static

3

0919b6a41b...18.exe

windows7-x64

0919b6a41b...18.exe

windows10-2004-x64

Sharing

General

Target

0919b6a41b7255553db07dc927daef4d_JaffaCakes118
Size

1.3MB
Sample

240624-rzl4ta1ajn
MD5

0919b6a41b7255553db07dc927daef4d
SHA1

947884655361f69d6b99443f43d3819f9b08d1f1
SHA256

42c50b12f51d8024e8ff95635987c4762de53e13c9751d2309564caa5d3e7ed5
SHA512

a0c9c048c6e55d9961991eb6c63728c77c57e78908899639bce0550e4cd66b4528d54dedd2895e610b2e03f22bfcae3705043307ef3ddc6ee6d568797c2032d1
SSDEEP

24576:/YsCJfxcd42BIjFnd3gwU7Ze0Hmt9rgv8Ku6I6sL9NVuJb9ZK:/YpyOZxlKuacqo

Score

10^/10

darkcomet guest16 persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0919b6a41b7255553db07dc927daef4d_JaffaCakes118.exe

Resource

win7-20240508-en

darkcomet guest16 persistence rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

0919b6a41b7255553db07dc927daef4d_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet guest16 persistence rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

meisam.no-ip.info:1604

meisam.no-ip.info:1605

meisam.no-ip.info:1606

Mutex

DC_MUTEX-C19NEME

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
eXUyCaLA1jUs
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Targets

- Target
  
  0919b6a41b7255553db07dc927daef4d_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  0919b6a41b7255553db07dc927daef4d
- SHA1
  
  947884655361f69d6b99443f43d3819f9b08d1f1
- SHA256
  
  42c50b12f51d8024e8ff95635987c4762de53e13c9751d2309564caa5d3e7ed5
- SHA512
  
  a0c9c048c6e55d9961991eb6c63728c77c57e78908899639bce0550e4cd66b4528d54dedd2895e610b2e03f22bfcae3705043307ef3ddc6ee6d568797c2032d1
- SSDEEP
  
  24576:/YsCJfxcd42BIjFnd3gwU7Ze0Hmt9rgv8Ku6I6sL9NVuJb9ZK:/YpyOZxlKuacqo
Score

10^/10

darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16persistencerattrojan

behavioral2

darkcometguest16persistencerattrojan

© 2018-2024

Terms | Privacy