darkcomet | 683cd934a5773f68b073e5fe4869f0a48330caeb48e2256be6a341b9c1e66b3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

233e47ba99161ef83f001d316cfe6e0b_JaffaCakes118
Size

471KB
Sample

240703-wdyb6s1aql
MD5

233e47ba99161ef83f001d316cfe6e0b
SHA1

d9e0674dbb82433e27fcaab0d3fba0e44995537a
SHA256

683cd934a5773f68b073e5fe4869f0a48330caeb48e2256be6a341b9c1e66b3b
SHA512

701bf2babe8d4ca2b612657aad94d7a26a924c779d1327a259b05f88abdf4615c448cebe2098e884c8f8c1c17e18532932b0d90d48a79d9e3f1671e1b53b3a12
SSDEEP

6144:ZiYkxF4iC1OD/qCQPzkz9mnPJGtYepTxVRXLeugH3rp8WuVbO6t4c50f3Eql+A:ZiYkx3/HGk0nBGtrpTxDg8OU4oMUq7

Score

10^/10

darkcomet guest16_min rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

192.168.1.117:80

Mutex

DCMIN_MUTEX-JFBNSZM

Attributes

gencode
XkB4sMw7tBoi
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  233e47ba99161ef83f001d316cfe6e0b_JaffaCakes118
- Size
  
  471KB
- MD5
  
  233e47ba99161ef83f001d316cfe6e0b
- SHA1
  
  d9e0674dbb82433e27fcaab0d3fba0e44995537a
- SHA256
  
  683cd934a5773f68b073e5fe4869f0a48330caeb48e2256be6a341b9c1e66b3b
- SHA512
  
  701bf2babe8d4ca2b612657aad94d7a26a924c779d1327a259b05f88abdf4615c448cebe2098e884c8f8c1c17e18532932b0d90d48a79d9e3f1671e1b53b3a12
- SSDEEP
  
  6144:ZiYkxF4iC1OD/qCQPzkz9mnPJGtYepTxVRXLeugH3rp8WuVbO6t4c50f3Eql+A:ZiYkx3/HGk0nBGtrpTxDg8OU4oMUq7
Score

10^/10

darkcomet guest16_min rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

darkcometguest16_minrattrojan

behavioral2

darkcometguest16_minrattrojan