darkcomet | 4af2828c12925721939e12729dfb0bf963d08331c1bc93135e488acef47d15c7 | Triage

Sharing

General

Target

ed46200da5c87d6e74dc0a82ef2a81cb_JaffaCakes118
Size

787KB
Sample

240920-k51e3ayhlp
MD5

ed46200da5c87d6e74dc0a82ef2a81cb
SHA1

4055aaa213082a656f610bed654b543f1a9564b7
SHA256

4af2828c12925721939e12729dfb0bf963d08331c1bc93135e488acef47d15c7
SHA512

15d21e316416145bb6767d1b234c5b073a1a253c111263b31ec2a114116fc38734440a9e69cdea793e318c4377d9b4e9b6f74f95c6231180c007814dba6512b0
SSDEEP

12288:CxHDcoV7ELrT//ech9R8Obu9mv9yRRizfNck4GFrU2aKqIJw:Kj1Vi//ecBJbpv9yRRizVqMdJw

Score

10^/10

darkcomet guest16_min discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

10.10.98.86:1604

Mutex

DCMIN_MUTEX-7BU96B1

Attributes

gencode
xg2JrVo1TqSP
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  ed46200da5c87d6e74dc0a82ef2a81cb_JaffaCakes118
- Size
  
  787KB
- MD5
  
  ed46200da5c87d6e74dc0a82ef2a81cb
- SHA1
  
  4055aaa213082a656f610bed654b543f1a9564b7
- SHA256
  
  4af2828c12925721939e12729dfb0bf963d08331c1bc93135e488acef47d15c7
- SHA512
  
  15d21e316416145bb6767d1b234c5b073a1a253c111263b31ec2a114116fc38734440a9e69cdea793e318c4377d9b4e9b6f74f95c6231180c007814dba6512b0
- SSDEEP
  
  12288:CxHDcoV7ELrT//ech9R8Obu9mv9yRRizfNck4GFrU2aKqIJw:Kj1Vi//ecBJbpv9yRRizVqMdJw
Score

10^/10

darkcomet guest16_min discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_mindiscoveryrattrojan

behavioral2

darkcometguest16_mindiscoveryrattrojan