darkcomet | 0d11a6cd172fc7155297ccf6f158804766d1840bad64478cec2cecec0156daba | Triage

Submit
Reports

Overview

overview

Static

static

7

69b538ebf1...18.exe

windows7-x64

69b538ebf1...18.exe

windows10-2004-x64

3

Sharing

General

Target

69b538ebf13cbef45c7e2ffa2ba97388_JaffaCakes118
Size

1.5MB
Sample

240724-bmj6pazbmm
MD5

69b538ebf13cbef45c7e2ffa2ba97388
SHA1

17fb60b59748491e370b93214fa57e986d459fa5
SHA256

0d11a6cd172fc7155297ccf6f158804766d1840bad64478cec2cecec0156daba
SHA512

e26b11ddba094d8ca0e3c8bb855b058b1267ae2df21d5ca3a97e5714c2e61974b438c4fcdc47a220e645c668e6d41c44ccad52590c9e5df895aaf6f4bb7b1ae3
SSDEEP

24576:gtkyxE1CKLPSoaMl38pX3omil+/8NUbEZnbUj5b4q5MGClSAQ1nIletZVvSPf5nu:gtZxICUSdCaKQKnkb4q5MUIletZqfz5u

Score

10^/10

darkcomet guest16_min discovery rat themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

69b538ebf13cbef45c7e2ffa2ba97388_JaffaCakes118.exe

Resource

win7-20240708-en

darkcomet guest16_min discovery rat themida trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

69b538ebf13cbef45c7e2ffa2ba97388_JaffaCakes118.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

iznenadahehehe.no-ip.biz:110

Mutex

DCMIN_MUTEX-WFPYWAC

Attributes

gencode
tpThvoh0vsYH
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  69b538ebf13cbef45c7e2ffa2ba97388_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  69b538ebf13cbef45c7e2ffa2ba97388
- SHA1
  
  17fb60b59748491e370b93214fa57e986d459fa5
- SHA256
  
  0d11a6cd172fc7155297ccf6f158804766d1840bad64478cec2cecec0156daba
- SHA512
  
  e26b11ddba094d8ca0e3c8bb855b058b1267ae2df21d5ca3a97e5714c2e61974b438c4fcdc47a220e645c668e6d41c44ccad52590c9e5df895aaf6f4bb7b1ae3
- SSDEEP
  
  24576:gtkyxE1CKLPSoaMl38pX3omil+/8NUbEZnbUj5b4q5MGClSAQ1nIletZVvSPf5nu:gtZxICUSdCaKQKnkb4q5MUIletZqfz5u
Score

10^/10

darkcomet guest16_min discovery rat themida trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16_mindiscoveryratthemidatrojan

behavioral2

© 2018-2024

Terms | Privacy