darkcomet | 8de3e8407e2ac685ef9a5d097e209276233ab23db8f5e74bad252b22b251e591 | Triage

Sharing

General

Target

9436dd2ce44f2311d7cf032852a831ab_JaffaCakes118
Size

1.1MB
Sample

240813-wx88sayfrh
MD5

9436dd2ce44f2311d7cf032852a831ab
SHA1

a6c9c7a87d3c7c3848ee6707dca56544596799f3
SHA256

8de3e8407e2ac685ef9a5d097e209276233ab23db8f5e74bad252b22b251e591
SHA512

de8dc4c5d6a2b47bdaba985bbab2b653c860c73d7651cb65fdf669f970243c1f898d3314b5d27215ce3747ba072ecda792a9bfa6a1c7b397d2fa4514d40b7a11
SSDEEP

12288:jjPG0Ond0VO5iICxcNVM82OKQhfAvhIcQjFDk/yXcrnvMftGowccQyYE33lEFUk0:LwJTwZAuTUlErCUkHNFpwzkvNY

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Targets

- Target
  
  9436dd2ce44f2311d7cf032852a831ab_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  9436dd2ce44f2311d7cf032852a831ab
- SHA1
  
  a6c9c7a87d3c7c3848ee6707dca56544596799f3
- SHA256
  
  8de3e8407e2ac685ef9a5d097e209276233ab23db8f5e74bad252b22b251e591
- SHA512
  
  de8dc4c5d6a2b47bdaba985bbab2b653c860c73d7651cb65fdf669f970243c1f898d3314b5d27215ce3747ba072ecda792a9bfa6a1c7b397d2fa4514d40b7a11
- SSDEEP
  
  12288:jjPG0Ond0VO5iICxcNVM82OKQhfAvhIcQjFDk/yXcrnvMftGowccQyYE33lEFUk0:LwJTwZAuTUlErCUkHNFpwzkvNY
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometdiscoveryrattrojan