darkcomet | 72b873adfdb436f387a1893848500728c2096a8c32493855c774ac1aa4bfdc34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2262fcc4c8620f5558ec7d012d15feff_JaffaCakes118
Size

712KB
Sample

240703-plj17athrg
MD5

2262fcc4c8620f5558ec7d012d15feff
SHA1

17bb728ba786b7390d7ffbea46bf4b059c5b89d8
SHA256

72b873adfdb436f387a1893848500728c2096a8c32493855c774ac1aa4bfdc34
SHA512

090c989d16f6f3c195dbf8828a0b8e4b9ea6483e8cace3c6b5e4e58c84d89c4763087f34ea5cfb8885ec0f379d4fe989d7876d46ed1f05aa64145940909f1c50
SSDEEP

12288:LSxAZQtXuLXxmQWKbK38B+YxBdYJBKMaKXSwgMCZzL/T4E1eNtUthHZBto:LrQtukQWKK6+YxBdPRKXJCZzLctNy35I

Score

10^/10

darkcomet victim rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

victim

C2

texthf.zapto.org:1604

Mutex

DC_MUTEX-LGRCLFK

Attributes

gencode
JbqpoDscm2SF
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  2262fcc4c8620f5558ec7d012d15feff_JaffaCakes118
- Size
  
  712KB
- MD5
  
  2262fcc4c8620f5558ec7d012d15feff
- SHA1
  
  17bb728ba786b7390d7ffbea46bf4b059c5b89d8
- SHA256
  
  72b873adfdb436f387a1893848500728c2096a8c32493855c774ac1aa4bfdc34
- SHA512
  
  090c989d16f6f3c195dbf8828a0b8e4b9ea6483e8cace3c6b5e4e58c84d89c4763087f34ea5cfb8885ec0f379d4fe989d7876d46ed1f05aa64145940909f1c50
- SSDEEP
  
  12288:LSxAZQtXuLXxmQWKbK38B+YxBdYJBKMaKXSwgMCZzL/T4E1eNtUthHZBto:LrQtukQWKK6+YxBdPRKXJCZzLctNy35I
Score

10^/10

darkcomet victim rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

darkcometvictimrattrojan

behavioral2

darkcometvictimrattrojan