darkcomet | 38a203424197ac77d6157ac414b7b03af93e9e3d0bac0db8d1bf6c22b6d1003a | Triage

Sharing

General

Target

a98bc6373182dfdbcbf933779c8b23a0_JaffaCakes118
Size

658KB
Sample

240614-n3jlbazcjh
MD5

a98bc6373182dfdbcbf933779c8b23a0
SHA1

5474ee6f41dc44eb9b7166ea45ca25c62c07f692
SHA256

38a203424197ac77d6157ac414b7b03af93e9e3d0bac0db8d1bf6c22b6d1003a
SHA512

fdec831170c7623c30687d62438da3dcdffb74fc751bad0c1f8e689d938a08e83af94a2123d072bd4440f50d81540cbb1f283db570580eeb0d89a28f415642fe
SSDEEP

12288:K9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h0:GZ1xuVVjfFoynPaVBUR8f+kN10EBq

Score

10^/10

darkcomet berat malý rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

berat malý

C2

192.168.1.106:1000

Mutex

DC_MUTEX-NFP2G7D

Attributes

gencode
Wbqw5HoP8vBy
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  a98bc6373182dfdbcbf933779c8b23a0_JaffaCakes118
- Size
  
  658KB
- MD5
  
  a98bc6373182dfdbcbf933779c8b23a0
- SHA1
  
  5474ee6f41dc44eb9b7166ea45ca25c62c07f692
- SHA256
  
  38a203424197ac77d6157ac414b7b03af93e9e3d0bac0db8d1bf6c22b6d1003a
- SHA512
  
  fdec831170c7623c30687d62438da3dcdffb74fc751bad0c1f8e689d938a08e83af94a2123d072bd4440f50d81540cbb1f283db570580eeb0d89a28f415642fe
- SSDEEP
  
  12288:K9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h0:GZ1xuVVjfFoynPaVBUR8f+kN10EBq
Score

10^/10

darkcomet berat malý rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

berat malýdarkcomet

behavioral1

darkcometberat malýrattrojan

behavioral2

darkcometberat malýrattrojan