darkcomet | 69de3ac6dbc2f444a2733fcbcb47d9c4825f998ded6997671d88972b865cbcfa | Triage

Sharing

General

Target

fbfa2ed9ed513628af57f0a5981fec4c_JaffaCakes118
Size

2.3MB
Sample

240420-flft4aha99
MD5

fbfa2ed9ed513628af57f0a5981fec4c
SHA1

01bcb8f9cd5cb8a27771ff58cf9dc58b5e64dc31
SHA256

69de3ac6dbc2f444a2733fcbcb47d9c4825f998ded6997671d88972b865cbcfa
SHA512

a12d958c2455611f345eca814dbb4ceb108c0807ff3918dba5a9a987b496f55941a5d4802163bd2ab6f95be8f3008dc7e33f2f5eeaad0a4ce8860ad1c02cb23a
SSDEEP

24576:KRmJkcoQricOIQxiZY1ia8sAIJlSvaeUCqZlU2GmwdlJlcmZ/Uns3EX:PJZoQrbTFZY1ia8sAIJJ

Score

10^/10

darkcomet dark-n3tw0rk rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

DARK-N3TW0RK

C2

dark-n3tw0rk.zapto.org:1604

Mutex

DC_MUTEX-N8A5H7J

Attributes

gencode
p5WfqCxWohhH
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  fbfa2ed9ed513628af57f0a5981fec4c_JaffaCakes118
- Size
  
  2.3MB
- MD5
  
  fbfa2ed9ed513628af57f0a5981fec4c
- SHA1
  
  01bcb8f9cd5cb8a27771ff58cf9dc58b5e64dc31
- SHA256
  
  69de3ac6dbc2f444a2733fcbcb47d9c4825f998ded6997671d88972b865cbcfa
- SHA512
  
  a12d958c2455611f345eca814dbb4ceb108c0807ff3918dba5a9a987b496f55941a5d4802163bd2ab6f95be8f3008dc7e33f2f5eeaad0a4ce8860ad1c02cb23a
- SSDEEP
  
  24576:KRmJkcoQricOIQxiZY1ia8sAIJlSvaeUCqZlU2GmwdlJlcmZ/Uns3EX:PJZoQrbTFZY1ia8sAIJJ
Score

10^/10

darkcomet dark-n3tw0rk rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

darkcometdark-n3tw0rkrattrojan