darkcomet | 142421d1eaa3e5646bb19a7bb87660fc8c6be15e7af505e0839d80d59cad977d | Triage

Sharing

General

Target

59ce2e68ccd1fdbb0c72133107f41db2_JaffaCakes118
Size

1.3MB
Sample

241018-3elhbstfna
MD5

59ce2e68ccd1fdbb0c72133107f41db2
SHA1

1c1a83a99a35a17806df2297393ef47fb1bb03cc
SHA256

142421d1eaa3e5646bb19a7bb87660fc8c6be15e7af505e0839d80d59cad977d
SHA512

f07f79770d2c0b9070d2f60bb4b76e28fd1a78276d3394bd2fef98ca1cd5b357e0e51ab5eb7073c3312e9460798d97fe6fdd351858308c60a71f7b3663b9f1c8
SSDEEP

24576:oSUsVKJLgkWBKHMu4OCJvgBJBTIqfcEA8E67q7wvQemcMzQhRF:vU1JouleJscsE6M+u0F

Score

10^/10

darkcomet rat discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Rat

C2

guywithsockz.no-ip.org:1605

Mutex

DC_MUTEX-AXS9XA8

Attributes

gencode
mNEJsHvfQMfx
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  59ce2e68ccd1fdbb0c72133107f41db2_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  59ce2e68ccd1fdbb0c72133107f41db2
- SHA1
  
  1c1a83a99a35a17806df2297393ef47fb1bb03cc
- SHA256
  
  142421d1eaa3e5646bb19a7bb87660fc8c6be15e7af505e0839d80d59cad977d
- SHA512
  
  f07f79770d2c0b9070d2f60bb4b76e28fd1a78276d3394bd2fef98ca1cd5b357e0e51ab5eb7073c3312e9460798d97fe6fdd351858308c60a71f7b3663b9f1c8
- SSDEEP
  
  24576:oSUsVKJLgkWBKHMu4OCJvgBJBTIqfcEA8E67q7wvQemcMzQhRF:vU1JouleJscsE6M+u0F
Score

10^/10

darkcomet rat discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometratdiscoveryrattrojan

behavioral2

darkcometratdiscoveryrattrojan