darkcomet | 5502c0ca543e31cf1209de6e0903059a85b1d43fc052c94c80268748269a4012 | Triage

Sharing

General

Target

3c3ec63f132d12f11f3d1f0ea9466e0e_JaffaCakes118
Size

2.3MB
Sample

240712-gvaj4steld
MD5

3c3ec63f132d12f11f3d1f0ea9466e0e
SHA1

514b9d7f1b76bd7cc93e3ca9ef7f42a77b264b91
SHA256

5502c0ca543e31cf1209de6e0903059a85b1d43fc052c94c80268748269a4012
SHA512

cca6e5b0c11ea804ebed96c81952802732150765b303650eb71eaf22fd70a3fb761712d5e5cb4c8c18eca9fdd557066cd23b257cac40dc1371c73e074fc2b4fe
SSDEEP

49152:/5dVwPaFHTTgkAAn2IQ39y9rRF83BhJF7gxl916Fy1xjK1e1:RdW4lQw5RF8Q

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

rsthunder.zapto.org:1604

Mutex

DC_MUTEX-TPZCEWL

Attributes

gencode
fxq1KKnANCeE
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  3c3ec63f132d12f11f3d1f0ea9466e0e_JaffaCakes118
- Size
  
  2.3MB
- MD5
  
  3c3ec63f132d12f11f3d1f0ea9466e0e
- SHA1
  
  514b9d7f1b76bd7cc93e3ca9ef7f42a77b264b91
- SHA256
  
  5502c0ca543e31cf1209de6e0903059a85b1d43fc052c94c80268748269a4012
- SHA512
  
  cca6e5b0c11ea804ebed96c81952802732150765b303650eb71eaf22fd70a3fb761712d5e5cb4c8c18eca9fdd557066cd23b257cac40dc1371c73e074fc2b4fe
- SSDEEP
  
  49152:/5dVwPaFHTTgkAAn2IQ39y9rRF83BhJF7gxl916Fy1xjK1e1:RdW4lQw5RF8Q
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan