darkcomet | 5e9f427fef7bf5c6549650b19728e298c9d59868582af67d2d1c6dc3baf6f389 | Triage

Sharing

General

Target

1f7f6235191701ace200fb4dc61a8c71_JaffaCakes118
Size

1.3MB
Sample

240702-q1f4hsvcqf
MD5

1f7f6235191701ace200fb4dc61a8c71
SHA1

2bd681b5fd4b273e9d5addb3fd329d765657ced7
SHA256

5e9f427fef7bf5c6549650b19728e298c9d59868582af67d2d1c6dc3baf6f389
SHA512

4033ee7f3c30e477acc7494bc839baa1aabc58a21c3c4d33c0858876c613ff3cb462c6691a45a3ed5fc84f965ba64272d6d1effb4cd32a3e2f25acf752434b64
SSDEEP

24576:KEGNExwlAwmisNIBISjtqKEMcc3v8yoBTcMiH4bfzcHiUwj01:LmkKdpoBzwwrbj01

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-3MD52YJ

Attributes

gencode
H32ePHoviLXG
install
false
offline_keylogger
false
persistence
false

Targets

- Target
  
  1f7f6235191701ace200fb4dc61a8c71_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  1f7f6235191701ace200fb4dc61a8c71
- SHA1
  
  2bd681b5fd4b273e9d5addb3fd329d765657ced7
- SHA256
  
  5e9f427fef7bf5c6549650b19728e298c9d59868582af67d2d1c6dc3baf6f389
- SHA512
  
  4033ee7f3c30e477acc7494bc839baa1aabc58a21c3c4d33c0858876c613ff3cb462c6691a45a3ed5fc84f965ba64272d6d1effb4cd32a3e2f25acf752434b64
- SSDEEP
  
  24576:KEGNExwlAwmisNIBISjtqKEMcc3v8yoBTcMiH4bfzcHiUwj01:LmkKdpoBzwwrbj01
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan