darkcomet | b4e9b4abd1b90a724a073f7acd9ddbe34a547f2c53ff0c9740b43f408253b302 | Triage

Sharing

General

Target

f45e5a09535db4501c895ca74bbc5b8c_JaffaCakes118
Size

808KB
Sample

240416-1c4j1sef9z
MD5

f45e5a09535db4501c895ca74bbc5b8c
SHA1

51dcc9d90c2ef023f83f9f929ab9dfd4f9dbd300
SHA256

b4e9b4abd1b90a724a073f7acd9ddbe34a547f2c53ff0c9740b43f408253b302
SHA512

b06a46bbe152ee2dcb33e5f159c59e012b44a647528b2a6604a238afcb6db9365518d5edcb35aa824e8d3e97ae6a392ca0db3e151f2e8961daccaed11a720c5f
SSDEEP

24576:6cs2AwjOQIRP6XDFpxbV3mD7qcURNP6RNPyvzR:6cs2AqOQIA3xpOecURNP6RNPybR

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-BQKM08T

Attributes

gencode
Vmwer6npedDB
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  f45e5a09535db4501c895ca74bbc5b8c_JaffaCakes118
- Size
  
  808KB
- MD5
  
  f45e5a09535db4501c895ca74bbc5b8c
- SHA1
  
  51dcc9d90c2ef023f83f9f929ab9dfd4f9dbd300
- SHA256
  
  b4e9b4abd1b90a724a073f7acd9ddbe34a547f2c53ff0c9740b43f408253b302
- SHA512
  
  b06a46bbe152ee2dcb33e5f159c59e012b44a647528b2a6604a238afcb6db9365518d5edcb35aa824e8d3e97ae6a392ca0db3e151f2e8961daccaed11a720c5f
- SSDEEP
  
  24576:6cs2AwjOQIRP6XDFpxbV3mD7qcURNP6RNPyvzR:6cs2AqOQIA3xpOecURNP6RNPybR
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan