darkcomet | 62af3a900994ff640c0b48973eba968eb0e8ea47b85bb770d60d75f2bb09a4c3 | Triage

Sharing

General

Target

44bf35d88862370b9c9e3ae6145f32c1_JaffaCakes118
Size

1.0MB
Sample

240714-hkj68ssglb
MD5

44bf35d88862370b9c9e3ae6145f32c1
SHA1

aa9f55d09797a5455cce5f5c08f5ef5e35c12cec
SHA256

62af3a900994ff640c0b48973eba968eb0e8ea47b85bb770d60d75f2bb09a4c3
SHA512

0a4f34ca1e876abd7162d88af6696f4230ff3c9caa4d714b42ef114af82e120e554f2213ac1e737c355f43ae3fe7bfaa71581b9145dd86837e8359ce1c1a6781
SSDEEP

24576:vKc/YTYbVfcaKxO73i1cyinfOaCm7i2zJP:vv/Y8beFO+43zbJP

Score

10^/10

darkcomet test rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

TEST

C2

127.0.0.1:1604

Mutex

DC_MUTEX-9G7DXMT

Attributes

gencode
SLNopUcqMcGw
install
false
offline_keylogger
true
password
1234567890
persistence
false

Targets

- Target
  
  44bf35d88862370b9c9e3ae6145f32c1_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  44bf35d88862370b9c9e3ae6145f32c1
- SHA1
  
  aa9f55d09797a5455cce5f5c08f5ef5e35c12cec
- SHA256
  
  62af3a900994ff640c0b48973eba968eb0e8ea47b85bb770d60d75f2bb09a4c3
- SHA512
  
  0a4f34ca1e876abd7162d88af6696f4230ff3c9caa4d714b42ef114af82e120e554f2213ac1e737c355f43ae3fe7bfaa71581b9145dd86837e8359ce1c1a6781
- SSDEEP
  
  24576:vKc/YTYbVfcaKxO73i1cyinfOaCm7i2zJP:vv/Y8beFO+43zbJP
Score

10^/10

darkcomet test rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcomettestrattrojan

behavioral2

darkcomettestrattrojan