darkcomet | f8d1a5cd137384244d5f6b0143bbfe8889398ad777803acd4a04d55270f76f2e | Triage

Sharing

General

Target

50deced6fc75a406f249c9baf4c8e3bb_JaffaCakes118
Size

1.7MB
Sample

240717-bm6dxsyhqj
MD5

50deced6fc75a406f249c9baf4c8e3bb
SHA1

a348829e7975e1cd893a9b94e18a0730b0f5ee98
SHA256

f8d1a5cd137384244d5f6b0143bbfe8889398ad777803acd4a04d55270f76f2e
SHA512

d5404507cb7489ddfecf64f45b6fc8c9b7a85bb1e5acac9ef2b4a100facf5881efeb32d5a194fd6f52261079a456bf5aa10ec4b008efc0f1eaa6784e3060e9e9
SSDEEP

12288:c5IoePwgwnLtLj1Zz2GmmsFB7zpx+Oe09kEYSzwJSTac4z0ph/HW1CtV8u+7GzQG:c5Jzn0ph+hXYF48efYs3upbKkaWS

Score

10^/10

darkcomet test rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

TEST

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-W83M2QM

Attributes

gencode
u7rsapBJl0m4
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  50deced6fc75a406f249c9baf4c8e3bb_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  50deced6fc75a406f249c9baf4c8e3bb
- SHA1
  
  a348829e7975e1cd893a9b94e18a0730b0f5ee98
- SHA256
  
  f8d1a5cd137384244d5f6b0143bbfe8889398ad777803acd4a04d55270f76f2e
- SHA512
  
  d5404507cb7489ddfecf64f45b6fc8c9b7a85bb1e5acac9ef2b4a100facf5881efeb32d5a194fd6f52261079a456bf5aa10ec4b008efc0f1eaa6784e3060e9e9
- SSDEEP
  
  12288:c5IoePwgwnLtLj1Zz2GmmsFB7zpx+Oe09kEYSzwJSTac4z0ph/HW1CtV8u+7GzQG:c5Jzn0ph+hXYF48efYs3upbKkaWS
Score

10^/10

darkcomet test rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcomettestrattrojan

behavioral2

darkcomettestrattrojan