darkcomet | 713c0d19c6b5f592c2d783aa902ebb4a053f2d05ad25c84957172590a8514634 | Triage

Sharing

General

Target

f85e062f38f4101d0e4bed7d81b2e7ed_JaffaCakes118
Size

1.7MB
Sample

240926-plj17azfkd
MD5

f85e062f38f4101d0e4bed7d81b2e7ed
SHA1

cd26c87d1113b79a0f4b50f121bd6136109622ec
SHA256

713c0d19c6b5f592c2d783aa902ebb4a053f2d05ad25c84957172590a8514634
SHA512

d54309f88ee3ffa0cdfbb58b0549dbbcfe37f8382b636e0eaefbdb1556cf4f41f5f90544ab6795273cffec8946422e66d8be678fa9f552037880489d116a2db1
SSDEEP

24576:EbG/QaLwgQRXV+6FBn1J+DkA4fXL8+tIQ4yOUbGTla:zO3TK+qDYGxa

Score

10^/10

darkcomet guest16_min discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-VAU9KT1

Attributes

gencode
nFaUsyuK2AL8
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  f85e062f38f4101d0e4bed7d81b2e7ed_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  f85e062f38f4101d0e4bed7d81b2e7ed
- SHA1
  
  cd26c87d1113b79a0f4b50f121bd6136109622ec
- SHA256
  
  713c0d19c6b5f592c2d783aa902ebb4a053f2d05ad25c84957172590a8514634
- SHA512
  
  d54309f88ee3ffa0cdfbb58b0549dbbcfe37f8382b636e0eaefbdb1556cf4f41f5f90544ab6795273cffec8946422e66d8be678fa9f552037880489d116a2db1
- SSDEEP
  
  24576:EbG/QaLwgQRXV+6FBn1J+DkA4fXL8+tIQ4yOUbGTla:zO3TK+qDYGxa
Score

10^/10

darkcomet guest16_min discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_mindiscoveryrattrojan

behavioral2

darkcometguest16_mindiscoveryrattrojan