darkcomet | a75617d45ddf014f0309648dee853256f37fbe6b7ea4f3b1c8589f7be5ae5e02 | Triage

Sharing

General

Target

26ac9579fa2da5560769ec5fb1186236_JaffaCakes118
Size

575KB
Sample

240704-3q2npaydmd
MD5

26ac9579fa2da5560769ec5fb1186236
SHA1

f196f35bf253e91f74c3bcd256faac38424742ab
SHA256

a75617d45ddf014f0309648dee853256f37fbe6b7ea4f3b1c8589f7be5ae5e02
SHA512

bab881511bc363fa845e8f55739ecee4f86471019c838b01a9542b2f6a7eddccd2ef8f9b61f530052277401b7fde42afd62b868830f21361b95be5a134d01da1
SSDEEP

12288:Oe0IlbTSW1O0gncU4sRE4El7Pi9CQkdYK2331Ilz5KvBMk/TH0:t7qnzQl7K9CCKA125/kL0

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-PTKFLKH

Attributes

gencode
he1ZLRFWRjVa
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  26ac9579fa2da5560769ec5fb1186236_JaffaCakes118
- Size
  
  575KB
- MD5
  
  26ac9579fa2da5560769ec5fb1186236
- SHA1
  
  f196f35bf253e91f74c3bcd256faac38424742ab
- SHA256
  
  a75617d45ddf014f0309648dee853256f37fbe6b7ea4f3b1c8589f7be5ae5e02
- SHA512
  
  bab881511bc363fa845e8f55739ecee4f86471019c838b01a9542b2f6a7eddccd2ef8f9b61f530052277401b7fde42afd62b868830f21361b95be5a134d01da1
- SSDEEP
  
  12288:Oe0IlbTSW1O0gncU4sRE4El7Pi9CQkdYK2331Ilz5KvBMk/TH0:t7qnzQl7K9CCKA125/kL0
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Drops file in Drivers directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan