darkcomet | 58087ed79e27b0405194c88b3609bbe86661e96e47a29cb404b1677bc7d1b064 | Triage

Submit
Reports

Overview

overview

Static

static

796ca252d2...18.exe

windows7-x64

796ca252d2...18.exe

windows10-2004-x64

Sharing

General

Target

796ca252d22e3e023afeb6c425bc0453_JaffaCakes118
Size

302KB
Sample

240730-v78vbsvdpa
MD5

796ca252d22e3e023afeb6c425bc0453
SHA1

379edbd8781f343d6f34c522f9296e1a397c3d35
SHA256

58087ed79e27b0405194c88b3609bbe86661e96e47a29cb404b1677bc7d1b064
SHA512

7bc83ffd2dfb57c0b44679b7fb36fc2579f1c30617393cd79aee866ee5e003b045dcf364c6048a615a93ea3790156c9f21d9dc8065b86b9d555b73e721ea3876
SSDEEP

6144:GwUKGgP43IwXCB0G0+nB4RhRVQjSo51Wca+7rbUbds00cJuEpbR+:GwfLOIoCONC4PRVeSo5Yca4P9WJuE

Score

10^/10

darkcomet revengerat jdb discovery rat stealer trojan upx

Static task

static1

stealer revengerat

3 signatures

Behavioral task

behavioral1

Sample

796ca252d22e3e023afeb6c425bc0453_JaffaCakes118.exe

Resource

win7-20240708-en

darkcomet jdb discovery rat trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

796ca252d22e3e023afeb6c425bc0453_JaffaCakes118.exe

Resource

win10v2004-20240730-en

darkcomet jdb discovery rat trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

JDB

C2

runescaperz.no-ip.biz:1604

Mutex

DC_MUTEX-SUHF9N2

Attributes

gencode
P6Yofa2qlPLp
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  796ca252d22e3e023afeb6c425bc0453_JaffaCakes118
- Size
  
  302KB
- MD5
  
  796ca252d22e3e023afeb6c425bc0453
- SHA1
  
  379edbd8781f343d6f34c522f9296e1a397c3d35
- SHA256
  
  58087ed79e27b0405194c88b3609bbe86661e96e47a29cb404b1677bc7d1b064
- SHA512
  
  7bc83ffd2dfb57c0b44679b7fb36fc2579f1c30617393cd79aee866ee5e003b045dcf364c6048a615a93ea3790156c9f21d9dc8065b86b9d555b73e721ea3876
- SSDEEP
  
  6144:GwUKGgP43IwXCB0G0+nB4RhRVQjSo51Wca+7rbUbds00cJuEpbR+:GwfLOIoCONC4PRVeSo5Yca4P9WJuE
Score

10^/10

darkcomet jdb discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

stealerrevengerat

behavioral1

darkcometjdbdiscoveryrattrojanupx

behavioral2

darkcometjdbdiscoveryrattrojanupx

© 2018-2024

Terms | Privacy