darkcomet | fccc80de0fc9ba246902bbec6c5189c7d14aa7617b203bb7b1ca58ac25dbb0e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07e1cdae1fe659073ab973ccaa0f6cfa_JaffaCakes118
Size

900KB
Sample

240624-l61ynazgmk
MD5

07e1cdae1fe659073ab973ccaa0f6cfa
SHA1

ef35c83fb52da9613da55bab5be341a3cd17cb77
SHA256

fccc80de0fc9ba246902bbec6c5189c7d14aa7617b203bb7b1ca58ac25dbb0e8
SHA512

7e029bf1b3cf5c048af80f8576a03d0dff1402c50b1d2fff7b3267275dfe3310e8f83fce68731431d0d65ba1e4c538503ccc11e43478ca276119a584137383f7
SSDEEP

24576:ZLy+fKU/f9MToBsDnhYkrChHbjs/SDfk:ZyIKtoBHbFk

Score

10^/10

darkcomet config1 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

config1

C2

domovian.no-ip.biz:110

Mutex

DC_MUTEX-HD40HNR

Attributes

gencode
q6wies1bdznu
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  07e1cdae1fe659073ab973ccaa0f6cfa_JaffaCakes118
- Size
  
  900KB
- MD5
  
  07e1cdae1fe659073ab973ccaa0f6cfa
- SHA1
  
  ef35c83fb52da9613da55bab5be341a3cd17cb77
- SHA256
  
  fccc80de0fc9ba246902bbec6c5189c7d14aa7617b203bb7b1ca58ac25dbb0e8
- SHA512
  
  7e029bf1b3cf5c048af80f8576a03d0dff1402c50b1d2fff7b3267275dfe3310e8f83fce68731431d0d65ba1e4c538503ccc11e43478ca276119a584137383f7
- SSDEEP
  
  24576:ZLy+fKU/f9MToBsDnhYkrChHbjs/SDfk:ZyIKtoBHbFk
Score

10^/10

darkcomet config1 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Drops file in Drivers directory
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometconfig1rattrojan

behavioral2

darkcometconfig1rattrojan