darkcomet | f1232a3ce1b7fb19e7c5d24c85dc422ff3114dd74bc40d4095c31f2c55f51949 | Triage

Sharing

General

Target

6167ef56e2d65f200e34f98edd16476c_JaffaCakes118
Size

756KB
Sample

240521-afa4rscd3v
MD5

6167ef56e2d65f200e34f98edd16476c
SHA1

be92e11e579604770fd3c7bbff2eb54872267299
SHA256

f1232a3ce1b7fb19e7c5d24c85dc422ff3114dd74bc40d4095c31f2c55f51949
SHA512

fc1bf9224c804fb01dc2e5c8dc9a1a221a6982f90f9179e234ade790fad0f1a4f9ea4233d627bd6f71efae7d829182071458542326b440b9e758d349ce27bfdd
SSDEEP

12288:F9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hj:PZ1xuVVjfFoynPaVBUR8f+kN10EBx

Score

10^/10

darkcomet guest16 evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

zozorf.hopto.org:1604

Mutex

DC_MUTEX-XNRMK5M

Attributes

gencode
gFFxV3kBcDyT
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  6167ef56e2d65f200e34f98edd16476c_JaffaCakes118
- Size
  
  756KB
- MD5
  
  6167ef56e2d65f200e34f98edd16476c
- SHA1
  
  be92e11e579604770fd3c7bbff2eb54872267299
- SHA256
  
  f1232a3ce1b7fb19e7c5d24c85dc422ff3114dd74bc40d4095c31f2c55f51949
- SHA512
  
  fc1bf9224c804fb01dc2e5c8dc9a1a221a6982f90f9179e234ade790fad0f1a4f9ea4233d627bd6f71efae7d829182071458542326b440b9e758d349ce27bfdd
- SSDEEP
  
  12288:F9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hj:PZ1xuVVjfFoynPaVBUR8f+kN10EBx
Score

10^/10

darkcomet guest16 evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Disables Task Manager via registry modification
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16evasionrattrojan

behavioral2

darkcometguest16evasionrattrojan