darkcomet | 86c7e250b9b3e4cbd7a3287011fbf212dd48f6afcfb5f226a11b5fea24ecbe3d | Triage

Sharing

General

Target

f78c0e1ce4b55a7cb15aa5c658ea7869_JaffaCakes118
Size

762KB
Sample

240418-jexe2sgc6w
MD5

f78c0e1ce4b55a7cb15aa5c658ea7869
SHA1

d94b5a56d2229e38087927e3b135b699bfb1ee41
SHA256

86c7e250b9b3e4cbd7a3287011fbf212dd48f6afcfb5f226a11b5fea24ecbe3d
SHA512

3e1afdfd6c9d19fd51e6fcf0cb0ec30601c55096748debd38c33e8203aa799231268c096f7bca2ed17cb531e8f7522d8fef51e30864d0aef42eea0273a5bd5ae
SSDEEP

12288:dfbTcwXKp/oZ/0fY+VzD/2VU0p5LG4D0BQz7dbIXDnvziFQC1M6HRMuK7kJjwU:dncwMQhGqq0qKsQz7d6mef7kB

Score

10^/10

darkcomet guest16_min rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-6H00RHC

Attributes

gencode
GSjCCgNrE819
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  f78c0e1ce4b55a7cb15aa5c658ea7869_JaffaCakes118
- Size
  
  762KB
- MD5
  
  f78c0e1ce4b55a7cb15aa5c658ea7869
- SHA1
  
  d94b5a56d2229e38087927e3b135b699bfb1ee41
- SHA256
  
  86c7e250b9b3e4cbd7a3287011fbf212dd48f6afcfb5f226a11b5fea24ecbe3d
- SHA512
  
  3e1afdfd6c9d19fd51e6fcf0cb0ec30601c55096748debd38c33e8203aa799231268c096f7bca2ed17cb531e8f7522d8fef51e30864d0aef42eea0273a5bd5ae
- SSDEEP
  
  12288:dfbTcwXKp/oZ/0fY+VzD/2VU0p5LG4D0BQz7dbIXDnvziFQC1M6HRMuK7kJjwU:dncwMQhGqq0qKsQz7d6mef7kB
Score

10^/10

darkcomet guest16_min rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_minrattrojan

behavioral2

darkcometguest16_minrattrojan