darkcomet | e74276689549168d457803f59964528d9da99cc972fde7e026ffb3e33010d14e | Triage

Sharing

General

Target

1cba823549cc492590f9a63a0ff9a971_JaffaCakes118
Size

3.4MB
Sample

241007-lk9nnsscmh
MD5

1cba823549cc492590f9a63a0ff9a971
SHA1

dfb099c24c29a4706e2e92c20c0d4e177b32c46f
SHA256

e74276689549168d457803f59964528d9da99cc972fde7e026ffb3e33010d14e
SHA512

3d18ed6a0bacc6037e2f333e74db2f5d702181b80943775712151456141cebfc9f8fe463861bbd29714fd3ecdba780209e221a4a3ef2a9cce8fcefc7dfd787cc
SSDEEP

49152:y/I7eTL3xa9U5SOYyx5x8CBNaTXk+tLFlJm+z55b:d

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Targets

- Target
  
  1cba823549cc492590f9a63a0ff9a971_JaffaCakes118
- Size
  
  3.4MB
- MD5
  
  1cba823549cc492590f9a63a0ff9a971
- SHA1
  
  dfb099c24c29a4706e2e92c20c0d4e177b32c46f
- SHA256
  
  e74276689549168d457803f59964528d9da99cc972fde7e026ffb3e33010d14e
- SHA512
  
  3d18ed6a0bacc6037e2f333e74db2f5d702181b80943775712151456141cebfc9f8fe463861bbd29714fd3ecdba780209e221a4a3ef2a9cce8fcefc7dfd787cc
- SSDEEP
  
  49152:y/I7eTL3xa9U5SOYyx5x8CBNaTXk+tLFlJm+z55b:d
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometdiscoveryrattrojan