darkcomet

General

Target

45c7ee4bed00a5fd364b477e874fc849_JaffaCakes118
Size

383KB
Sample

241015-esvfdstgpb
MD5

45c7ee4bed00a5fd364b477e874fc849
SHA1

b5f3d363663b4a30302f7aa0bd71a091b9c72c04
SHA256

efa221bd1f00a64e77ac1963987bd7a2ec1b96cb449970d0f01c98938ebdb6a4
SHA512

d3dc25bbc2f0a76dc27691c334d9602d268622bcf509665bc9c4442bdab67b9b983bf4a33b8aa7a9efc004d79989beb7067d0f9d4c18c7358fadd12e4a7c1001
SSDEEP

6144:szLhp3fD0scN5iULQQTFwK2BA/iV3W7x/JkpnyG88HpdFIB0MDXMe7uLZ1IMGIGW:khpvotN5VLQQKeiLyG8afFC0MDXMe7OH

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

holahola.no-ip.org:1337

Mutex

DC_MUTEX-8V9LZ3Y

Attributes

gencode
9lBjCyQW2Soe
install
false
offline_keylogger
true
password
tigresa
persistence
false

Targets

- Target
  
  45c7ee4bed00a5fd364b477e874fc849_JaffaCakes118
- Size
  
  383KB
- MD5
  
  45c7ee4bed00a5fd364b477e874fc849
- SHA1
  
  b5f3d363663b4a30302f7aa0bd71a091b9c72c04
- SHA256
  
  efa221bd1f00a64e77ac1963987bd7a2ec1b96cb449970d0f01c98938ebdb6a4
- SHA512
  
  d3dc25bbc2f0a76dc27691c334d9602d268622bcf509665bc9c4442bdab67b9b983bf4a33b8aa7a9efc004d79989beb7067d0f9d4c18c7358fadd12e4a7c1001
- SSDEEP
  
  6144:szLhp3fD0scN5iULQQTFwK2BA/iV3W7x/JkpnyG88HpdFIB0MDXMe7uLZ1IMGIGW:khpvotN5VLQQKeiLyG8afFC0MDXMe7OH
Score

10^/10

darkcomet guest16 discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2