darkcomet | b5002c3cd85a9a199ffe3ca11621ba77f5a3a1b4a639f09181436809726ce106 | Triage

Sharing

General

Target

25cda0def44b41ea04258e42807b12c8_JaffaCakes118
Size

757KB
Sample

240508-vd9jrseb8t
MD5

25cda0def44b41ea04258e42807b12c8
SHA1

d1494e16edc3243bc576e0eaf0d4f3f02056358b
SHA256

b5002c3cd85a9a199ffe3ca11621ba77f5a3a1b4a639f09181436809726ce106
SHA512

f8c84e903508a26523fc6f576775494dfe88b91fcdcf1e639782d617840683f6e40ce7cd4c191ce7ba970cdb272a185c5b0e075874dc2191c5cab046e4e783da
SSDEEP

12288:KXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452UV:UnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JF

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
w4TuzeX3ftbe
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  25cda0def44b41ea04258e42807b12c8_JaffaCakes118
- Size
  
  757KB
- MD5
  
  25cda0def44b41ea04258e42807b12c8
- SHA1
  
  d1494e16edc3243bc576e0eaf0d4f3f02056358b
- SHA256
  
  b5002c3cd85a9a199ffe3ca11621ba77f5a3a1b4a639f09181436809726ce106
- SHA512
  
  f8c84e903508a26523fc6f576775494dfe88b91fcdcf1e639782d617840683f6e40ce7cd4c191ce7ba970cdb272a185c5b0e075874dc2191c5cab046e4e783da
- SSDEEP
  
  12288:KXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452UV:UnAw2WWeFcfbP9VPSPMTSPL/rWvzq4JF
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan