darkcomet | 1f4f09baf2bf639c4dd5506957d342f84676400d04a208ddaa39c2e6022cee11 | Triage

Sharing

General

Target

245e8c5e993e09cd47cfb8700c8b1bb9_JaffaCakes118
Size

264KB
Sample

240508-l9m6zahh35
MD5

245e8c5e993e09cd47cfb8700c8b1bb9
SHA1

da80b45718427dec1dad6bbd7a489f8fda6bc341
SHA256

1f4f09baf2bf639c4dd5506957d342f84676400d04a208ddaa39c2e6022cee11
SHA512

ee67d6b3aeac63c2043c64bdff1da746758ef288ef7558f59425e9d01cabf7c1da145e91ccf791f2b6d1cab50fdf3271907ce55cef7c615106d8aedb980df962
SSDEEP

6144:GguagVCqCTOH4T2gett2oGS9WlH/S7ulFZErhUil1:GfagVqk4K1ttzGbHK7utETr

Score

10^/10

darkcomet kurban rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Kurban

C2

192.168.1.105:1000

Mutex

DC_MUTEX-7GPRH5W

Attributes

gencode
bpodnt2QwKqd
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  sdfgsd,/lan.exe
- Size
  
  658KB
- MD5
  
  5f8850f40cb75a444f1da17734575e09
- SHA1
  
  1bf67b402b76234400db41267a2dba9e95bee356
- SHA256
  
  bdf4b27138bf902624cc7369aaf61c06dc7972244f3ca883affffa2829522c68
- SHA512
  
  bf7f8cc966f6fab12c754e557a746085ce612f9ee1b41148a800017d8eb86a82683ed1211da22e41bb1a1a1b3b62ff0514dd63421b893058f24218bf944598e0
- SSDEEP
  
  12288:a9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hQ:WZ1xuVVjfFoynPaVBUR8f+kN10EBe
Score

10^/10

darkcomet kurban rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

kurbandarkcomet

behavioral1

darkcometkurbanrattrojan

behavioral2

darkcometkurbanrattrojan