darkcomet | da204cf93005c61a0fc0cc4ece8c9b9bf7b63198af29cdeeb3ac190f59d39195 | Triage

Submit
Reports

Overview

overview

Static

static

7

1b7680e1fc...18.exe

windows7-x64

1b7680e1fc...18.exe

windows10-2004-x64

Sharing

General

Target

1b7680e1fc999d748b468ce218fe0473_JaffaCakes118
Size

896KB
Sample

240701-qnh3caxdpj
MD5

1b7680e1fc999d748b468ce218fe0473
SHA1

08f4dfa1068b2f546b8131d483b7c4553349e897
SHA256

da204cf93005c61a0fc0cc4ece8c9b9bf7b63198af29cdeeb3ac190f59d39195
SHA512

59b3fbfcc38d590b6c26b5c9b555c36b15d0573000fbdd8cc5ffd257a181e46505b262469fd42006b857d82701b0f4ced4a6d63069a4692065704938c665b9b3
SSDEEP

12288:OHZEOCafvtr2AIFKGg3s9CibaPKiCR8APGpYqckJPArSWPGX76ax+G+1km3CekJB:sZEOCadKdQTAjb276ugBOISm7D2orK

Score

10^/10

darkcomet ãäêïì persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1b7680e1fc999d748b468ce218fe0473_JaffaCakes118.exe

Resource

win7-20231129-en

darkcomet ãäêïì persistence rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b7680e1fc999d748b468ce218fe0473_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet ãäêïì persistence rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

ãäÊÏì

C2

nnns.zapto.org:4433

Mutex

DC_MUTEX-HTT3CAX

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
BkangWFkKcGv
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  1b7680e1fc999d748b468ce218fe0473_JaffaCakes118
- Size
  
  896KB
- MD5
  
  1b7680e1fc999d748b468ce218fe0473
- SHA1
  
  08f4dfa1068b2f546b8131d483b7c4553349e897
- SHA256
  
  da204cf93005c61a0fc0cc4ece8c9b9bf7b63198af29cdeeb3ac190f59d39195
- SHA512
  
  59b3fbfcc38d590b6c26b5c9b555c36b15d0573000fbdd8cc5ffd257a181e46505b262469fd42006b857d82701b0f4ced4a6d63069a4692065704938c665b9b3
- SSDEEP
  
  12288:OHZEOCafvtr2AIFKGg3s9CibaPKiCR8APGpYqckJPArSWPGX76ax+G+1km3CekJB:sZEOCadKdQTAjb276ugBOISm7D2orK
Score

10^/10

darkcomet ãäêïì persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometãäêïìpersistencerattrojan

behavioral2

darkcometãäêïìpersistencerattrojan

© 2018-2024

Terms | Privacy