darkcomet | 832a26f6a0acd9397faec3227c5fafa32b841ddc087511d3676774954fcf7870 | Triage

Sharing

General

Target

39454d14db529973fc54e92a4bdadc04_JaffaCakes118
Size

1.7MB
Sample

240711-qhjfxsxgkl
MD5

39454d14db529973fc54e92a4bdadc04
SHA1

7434724e5ac9ca3a9a0bec2507205c4abd487ab6
SHA256

832a26f6a0acd9397faec3227c5fafa32b841ddc087511d3676774954fcf7870
SHA512

b4d08eebe9fdf2e1688d18ad904d729e73946bf736155558ecb102c655ef68c048228acd36d4cd09879e5cb6b51d01bad893c5b12dfa0d45c906c7eed5d31ce6
SSDEEP

24576:OjnV1liePbWkM/FCUO5tRWpPK8Jxz2EbCS7W434t0Sbh:MV1lieoFBbVByxb

Score

10^/10

darkcomet guest16_min rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

192.168.1.10:1604

Mutex

DCMIN_MUTEX-AC5KCRP

Attributes

gencode
xDDTQ3nv0Lse
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  39454d14db529973fc54e92a4bdadc04_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  39454d14db529973fc54e92a4bdadc04
- SHA1
  
  7434724e5ac9ca3a9a0bec2507205c4abd487ab6
- SHA256
  
  832a26f6a0acd9397faec3227c5fafa32b841ddc087511d3676774954fcf7870
- SHA512
  
  b4d08eebe9fdf2e1688d18ad904d729e73946bf736155558ecb102c655ef68c048228acd36d4cd09879e5cb6b51d01bad893c5b12dfa0d45c906c7eed5d31ce6
- SSDEEP
  
  24576:OjnV1liePbWkM/FCUO5tRWpPK8Jxz2EbCS7W434t0Sbh:MV1lieoFBbVByxb
Score

10^/10

darkcomet guest16_min rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16_minrattrojan

behavioral2

darkcometguest16_minrattrojan