darkcomet | 05f79fa5d7f7f55179c749c0d88a5760fbfcfc62ed7eb670ddaf6937dd205242 | Triage

Sharing

General

Target

02bfdedfdec5396721e8505da2733ef9_JaffaCakes118
Size

700KB
Sample

240622-s75fssxcrn
MD5

02bfdedfdec5396721e8505da2733ef9
SHA1

8e2226c9dd044e3312111aeddb54112b0af8a310
SHA256

05f79fa5d7f7f55179c749c0d88a5760fbfcfc62ed7eb670ddaf6937dd205242
SHA512

89046b9e413d08830452b7aa99a9b7995e978d1e0c8bbfd35835af3aa7603e0fd0fb5be444ed4f711fe48577189e00d424fc6d37fcc40fc9b958f7e1550ea71e
SSDEEP

12288:N/PnpWutXeeGFC4Jz221Bo2sth2X38n1yrgw5X:N/Pns0XeQ2sPtysnGgM

Score

10^/10

darkcomet ýçñó rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

ÝÇÑÓ

C2

nnns.zapto.org:1604

Mutex

DC_MUTEX-4JEUPPN

Attributes

gencode
ER3lGokX8QwM
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  02bfdedfdec5396721e8505da2733ef9_JaffaCakes118
- Size
  
  700KB
- MD5
  
  02bfdedfdec5396721e8505da2733ef9
- SHA1
  
  8e2226c9dd044e3312111aeddb54112b0af8a310
- SHA256
  
  05f79fa5d7f7f55179c749c0d88a5760fbfcfc62ed7eb670ddaf6937dd205242
- SHA512
  
  89046b9e413d08830452b7aa99a9b7995e978d1e0c8bbfd35835af3aa7603e0fd0fb5be444ed4f711fe48577189e00d424fc6d37fcc40fc9b958f7e1550ea71e
- SSDEEP
  
  12288:N/PnpWutXeeGFC4Jz221Bo2sth2X38n1yrgw5X:N/Pns0XeQ2sPtysnGgM
Score

10^/10

darkcomet ýçñó rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Drops file in Drivers directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometýçñórattrojan

behavioral2

darkcometýçñórattrojan