darkcomet | aab990b872f13b936cf27e64055e4ddb811bc5951de04377ef41b41b5707b86e | Triage

Sharing

General

Target

0cae39f5dcf0f18f3d0512bbbc460d63_JaffaCakes118
Size

649KB
Sample

240621-st4x4szbmm
MD5

0cae39f5dcf0f18f3d0512bbbc460d63
SHA1

ff012288d9da5185e8273b1dd7ad4106d2cdb35c
SHA256

aab990b872f13b936cf27e64055e4ddb811bc5951de04377ef41b41b5707b86e
SHA512

e590acd3640ef58db7bb4ba89b8ba24fb937ee02ebe26e6cd5627e89d50cc16d004f25add672a6e11db089fbc989d8ce74172d1b83241795d63c5a1893d667f2
SSDEEP

12288:bk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+v:Q0QRWoJEfg0oChGdJQbjPbNW5tYeP+GW

Score

10^/10

darkcomet hi rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Hi

C2

woodpeckertree.no-ip.info:1604

Mutex

DC_MUTEX-T3A5398

Attributes

gencode
x7cCkCGlUPx1
install
false
offline_keylogger
true
password
w00d_p3ck3r1337
persistence
false

Targets

- Target
  
  0cae39f5dcf0f18f3d0512bbbc460d63_JaffaCakes118
- Size
  
  649KB
- MD5
  
  0cae39f5dcf0f18f3d0512bbbc460d63
- SHA1
  
  ff012288d9da5185e8273b1dd7ad4106d2cdb35c
- SHA256
  
  aab990b872f13b936cf27e64055e4ddb811bc5951de04377ef41b41b5707b86e
- SHA512
  
  e590acd3640ef58db7bb4ba89b8ba24fb937ee02ebe26e6cd5627e89d50cc16d004f25add672a6e11db089fbc989d8ce74172d1b83241795d63c5a1893d667f2
- SSDEEP
  
  12288:bk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+v:Q0QRWoJEfg0oChGdJQbjPbNW5tYeP+GW
Score

10^/10

darkcomet hi rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcomethirattrojan

behavioral2

darkcomethirattrojan