darkcomet | 29f573a76f83f58123f118c876d60e0f2eb1bce10c3b6710facadae699a7354f | Triage

Sharing

General

Target

abf871e6ae6935d48b6c4d15a93a692e_JaffaCakes118
Size

857KB
Sample

240614-3dbxhathkk
MD5

abf871e6ae6935d48b6c4d15a93a692e
SHA1

5d3989ef5a1a8322e9d8d6e82ec8cebc7f622020
SHA256

29f573a76f83f58123f118c876d60e0f2eb1bce10c3b6710facadae699a7354f
SHA512

e9a7f8e0df7b43e58d013be2451c34e3fc9e555d1e18dc82074130a308be7e5d1aaaf0e0a391cfafdc98afe6a4ba6bd91cd27a2973791a97a14eab10e3561cc5
SSDEEP

24576:tZ1xuVVjfFoynPaVBUR8f+kN10EB+gsPiGLZAk:3QDgok30ms6GLZAk

Score

10^/10

darkcomet kurban rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Kurban

C2

http://merhababenaq.duckdns.org:1604

Mutex

DC_MUTEX-BZKB6JQ

Attributes

gencode
gdhgSWdLNy2R
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  abf871e6ae6935d48b6c4d15a93a692e_JaffaCakes118
- Size
  
  857KB
- MD5
  
  abf871e6ae6935d48b6c4d15a93a692e
- SHA1
  
  5d3989ef5a1a8322e9d8d6e82ec8cebc7f622020
- SHA256
  
  29f573a76f83f58123f118c876d60e0f2eb1bce10c3b6710facadae699a7354f
- SHA512
  
  e9a7f8e0df7b43e58d013be2451c34e3fc9e555d1e18dc82074130a308be7e5d1aaaf0e0a391cfafdc98afe6a4ba6bd91cd27a2973791a97a14eab10e3561cc5
- SSDEEP
  
  24576:tZ1xuVVjfFoynPaVBUR8f+kN10EB+gsPiGLZAk:3QDgok30ms6GLZAk
Score

10^/10

darkcomet kurban rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

kurbandarkcomet

behavioral1

darkcometkurbanrattrojan

behavioral2

darkcometkurbanrattrojan