darkcomet | a9e3efb8a38c00b565738be7603c394d96808b194e9a4dd82a67f627e12d7048 | Triage

Submit
Reports

Overview

overview

Static

static

aae966aa48...18.exe

windows7-x64

aae966aa48...18.exe

windows10-2004-x64

Sharing

General

Target

aae966aa480eb904e9e2b16e8b5733f1_JaffaCakes118
Size

251KB
Sample

240614-v2ez3atdrj
MD5

aae966aa480eb904e9e2b16e8b5733f1
SHA1

3f73d3bc89ab8448b8c6f7bf036f026b6d8cb80d
SHA256

a9e3efb8a38c00b565738be7603c394d96808b194e9a4dd82a67f627e12d7048
SHA512

940ef8a3c9ca47a0e7d119c501114f1905b6c28d66ef9553204dfa6c8dc3bb43037e6d5468441c783c19511c1206d5ace6820fccb1cc57f3df802e5e462af433
SSDEEP

6144:lcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PHQ0:lcWkbgTYWnYnt/IDYhPV

Score

10^/10

darkcomet guest16 rat trojan upx

Static task

static1

upx guest16 darkcomet

3 signatures

Behavioral task

behavioral1

Sample

aae966aa480eb904e9e2b16e8b5733f1_JaffaCakes118.exe

Resource

win7-20240220-en

darkcomet guest16 rat trojan upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

aae966aa480eb904e9e2b16e8b5733f1_JaffaCakes118.exe

Resource

win10v2004-20240611-en

darkcomet guest16 rat trojan upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-FC5SWRA

Attributes

gencode
bzxkKF9EuEi4
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  aae966aa480eb904e9e2b16e8b5733f1_JaffaCakes118
- Size
  
  251KB
- MD5
  
  aae966aa480eb904e9e2b16e8b5733f1
- SHA1
  
  3f73d3bc89ab8448b8c6f7bf036f026b6d8cb80d
- SHA256
  
  a9e3efb8a38c00b565738be7603c394d96808b194e9a4dd82a67f627e12d7048
- SHA512
  
  940ef8a3c9ca47a0e7d119c501114f1905b6c28d66ef9553204dfa6c8dc3bb43037e6d5468441c783c19511c1206d5ace6820fccb1cc57f3df802e5e462af433
- SSDEEP
  
  6144:lcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PHQ0:lcWkbgTYWnYnt/IDYhPV
Score

10^/10

darkcomet guest16 rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

upxguest16darkcomet

behavioral1

darkcometguest16rattrojanupx

behavioral2

darkcometguest16rattrojanupx

© 2018-2024

Terms | Privacy