darkcomet | d6c04968ad6d636d10292cee6a79d9cef40249dcf85748540bdbc035e0f7272f | Triage

Sharing

General

Target

17db6b63abdf05059a5da75ad3827a15_JaffaCakes118
Size

482KB
Sample

241006-ndcrga1crl
MD5

17db6b63abdf05059a5da75ad3827a15
SHA1

3804d4f14faf27a69e0cdc2ff16a9d632d683d6b
SHA256

d6c04968ad6d636d10292cee6a79d9cef40249dcf85748540bdbc035e0f7272f
SHA512

07130d273579cec897a210e327015871b013b258925dc93e43190f57f61e094aae46859a36b1dca7367833515423c050aa912495fa118708fea286fc904f368d
SSDEEP

12288:keulMGw/qn159UyLOBIXDS/zujIKDsiqHHlR8bQOo5hmrbSd:znGwyDKyLPGLpKDs1l6QO4si

Score

10^/10

darkcomet guest16 discovery rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-621PKS9

Attributes

gencode
JEGsEmifGvri
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  17db6b63abdf05059a5da75ad3827a15_JaffaCakes118
- Size
  
  482KB
- MD5
  
  17db6b63abdf05059a5da75ad3827a15
- SHA1
  
  3804d4f14faf27a69e0cdc2ff16a9d632d683d6b
- SHA256
  
  d6c04968ad6d636d10292cee6a79d9cef40249dcf85748540bdbc035e0f7272f
- SHA512
  
  07130d273579cec897a210e327015871b013b258925dc93e43190f57f61e094aae46859a36b1dca7367833515423c050aa912495fa118708fea286fc904f368d
- SSDEEP
  
  12288:keulMGw/qn159UyLOBIXDS/zujIKDsiqHHlR8bQOo5hmrbSd:znGwyDKyLPGLpKDs1l6QO4si
Score

10^/10

darkcomet guest16 discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryrattrojanupx

behavioral2

darkcometdiscoveryrattrojanupx