darkcomet | 49319953f6f8ab2373e29b614beb8b4de238d4579eee778b763c757e155b8dcc | Triage

Sharing

General

Target

c8d6048b879e08c773a9518994abbf90_JaffaCakes118
Size

481KB
Sample

240829-pwjheasaqb
MD5

c8d6048b879e08c773a9518994abbf90
SHA1

b022d589beb994e45e39b063f7bd169d01ef77b4
SHA256

49319953f6f8ab2373e29b614beb8b4de238d4579eee778b763c757e155b8dcc
SHA512

739384d9e94dc9479caac78f324e26a0a1982b473f5003a48d372891ae5abb54dcf293377972be124ee36e2bff7799b8a426ae70344f72bab56cb662eefd2a5e
SSDEEP

12288:5bjFvcHS8twSu5hv1/+L4wx89bAQbLVpdzUnX:1OHSiu5hNE4npbLp6X

Score

10^/10

darkcomet guest16_min discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-ZU8X9YW

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
D4DkFKuHAvbW
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Targets

- Target
  
  c8d6048b879e08c773a9518994abbf90_JaffaCakes118
- Size
  
  481KB
- MD5
  
  c8d6048b879e08c773a9518994abbf90
- SHA1
  
  b022d589beb994e45e39b063f7bd169d01ef77b4
- SHA256
  
  49319953f6f8ab2373e29b614beb8b4de238d4579eee778b763c757e155b8dcc
- SHA512
  
  739384d9e94dc9479caac78f324e26a0a1982b473f5003a48d372891ae5abb54dcf293377972be124ee36e2bff7799b8a426ae70344f72bab56cb662eefd2a5e
- SSDEEP
  
  12288:5bjFvcHS8twSu5hv1/+L4wx89bAQbLVpdzUnX:1OHSiu5hNE4npbLp6X
Score

10^/10

darkcomet discovery rat trojan guest16_min
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometguest16_mindiscoveryrattrojan