darkcomet | 298abedbd9fa33d2a41d216fbbe7ae2746f9391ee02fb0bf3b8d053a645d24a3 | Triage

Submit
Reports

Overview

overview

Static

static

041fd14e2b...18.exe

windows7-x64

041fd14e2b...18.exe

windows10-2004-x64

Sharing

General

Target

041fd14e2ba0de7a1a9ffdcfe9442502_JaffaCakes118
Size

302KB
Sample

240428-cdwzkadf83
MD5

041fd14e2ba0de7a1a9ffdcfe9442502
SHA1

f3528dedbad1c849d68ef2c277800cd1897bc9a6
SHA256

298abedbd9fa33d2a41d216fbbe7ae2746f9391ee02fb0bf3b8d053a645d24a3
SHA512

c8dc0e82282e7c3aeb6cc8c65f721fe5a6e01996ca731cf986a0f553f42585746671e152d5c1748d46eb33e216299459b0f68b616c7c30989d7031ec1ed66156
SSDEEP

6144:yD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZbuf2l:yl8E4w5huat7UovONzbXwG2l

Score

10^/10

darkcomet guest16 rat trojan upx

Static task

static1

upx guest16 darkcomet

3 signatures

Behavioral task

behavioral1

Sample

041fd14e2ba0de7a1a9ffdcfe9442502_JaffaCakes118.exe

Resource

win7-20240221-en

darkcomet guest16 rat trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

041fd14e2ba0de7a1a9ffdcfe9442502_JaffaCakes118.exe

Resource

win10v2004-20240426-en

darkcomet guest16 rat trojan upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

sashamatteu.ddns.net:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
XDPby6CCvRvu
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  041fd14e2ba0de7a1a9ffdcfe9442502_JaffaCakes118
- Size
  
  302KB
- MD5
  
  041fd14e2ba0de7a1a9ffdcfe9442502
- SHA1
  
  f3528dedbad1c849d68ef2c277800cd1897bc9a6
- SHA256
  
  298abedbd9fa33d2a41d216fbbe7ae2746f9391ee02fb0bf3b8d053a645d24a3
- SHA512
  
  c8dc0e82282e7c3aeb6cc8c65f721fe5a6e01996ca731cf986a0f553f42585746671e152d5c1748d46eb33e216299459b0f68b616c7c30989d7031ec1ed66156
- SSDEEP
  
  6144:yD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZbuf2l:yl8E4w5huat7UovONzbXwG2l
Score

10^/10

darkcomet guest16 rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

upxguest16darkcomet

behavioral1

darkcometguest16rattrojanupx

behavioral2

darkcometguest16rattrojanupx

© 2018-2024

Terms | Privacy