darkcomet | db8d26e7ddb50ed8e633d7ca24c8ef38d40ac0bee6cb6dd6f2f0e7c5d424f435 | Triage

Sharing

General

Target

416e267bb8c911b394a8aaf915de20af_JaffaCakes118
Size

665KB
Sample

241013-w8v6as1fnf
MD5

416e267bb8c911b394a8aaf915de20af
SHA1

7626288dd3c300e3a0ae187c6c8bd14c9152b226
SHA256

db8d26e7ddb50ed8e633d7ca24c8ef38d40ac0bee6cb6dd6f2f0e7c5d424f435
SHA512

2ddd716469e8861ca5982461a6dd8b0a2b14c5a44251e49827f8d4de84cd190b222fdc9b3a90b064459641bf2f0db94b3ef01e636febe6f4c139c0229f5d169e
SSDEEP

12288:DKfCwASB/dgp278QfBaqWDYqOXuar6jTEmmIXV8Hs7z06sbQOXf5WB1RCg4MsORF:mKSB6278sBKGOmYws7zUbQOv5U1RCvMZ

Score

10^/10

darkcomet guest16_min discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-YUSXRAZ

Attributes

gencode
75kMfX8FGZXu
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  416e267bb8c911b394a8aaf915de20af_JaffaCakes118
- Size
  
  665KB
- MD5
  
  416e267bb8c911b394a8aaf915de20af
- SHA1
  
  7626288dd3c300e3a0ae187c6c8bd14c9152b226
- SHA256
  
  db8d26e7ddb50ed8e633d7ca24c8ef38d40ac0bee6cb6dd6f2f0e7c5d424f435
- SHA512
  
  2ddd716469e8861ca5982461a6dd8b0a2b14c5a44251e49827f8d4de84cd190b222fdc9b3a90b064459641bf2f0db94b3ef01e636febe6f4c139c0229f5d169e
- SSDEEP
  
  12288:DKfCwASB/dgp278QfBaqWDYqOXuar6jTEmmIXV8Hs7z06sbQOXf5WB1RCg4MsORF:mKSB6278sBKGOmYws7zUbQOv5U1RCvMZ
Score

10^/10

darkcomet guest16_min discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_mindiscoveryrattrojan

behavioral2

darkcometguest16_mindiscoveryrattrojan