darkcomet | d7ed2c55f333b54f85c508673b4997d62dd3d2e3ddb0a404b142560b6c70dc16 | Triage

Sharing

General

Target

5eba5cf45192294a39882e3c7d23072c_JaffaCakes118
Size

689KB
Sample

241019-z7tgvs1gqq
MD5

5eba5cf45192294a39882e3c7d23072c
SHA1

dfeceb9b9050dc825140c1553f42885b76f524dd
SHA256

d7ed2c55f333b54f85c508673b4997d62dd3d2e3ddb0a404b142560b6c70dc16
SHA512

4a5e379e5dec87bb22e248e893db19766aa12bc8f46d213eedaa0b81a4cbffa6c3a8579f2fc7ba6095eba6fcaa41ecbd03b460084e5898eba8d5efe64fcafe83
SSDEEP

12288:N9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hSz:nZ1xuVVjfFoynPaVBUR8f+kN10EBq

Score

10^/10

darkcomet myip discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

MyIP

C2

nhaxer.no-ip.org:6767

myipnhaxer.zapto.org:6767

Mutex

DC_MUTEX-3Q4NF9B

Attributes

gencode
G1ayyUG3JRd2
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  5eba5cf45192294a39882e3c7d23072c_JaffaCakes118
- Size
  
  689KB
- MD5
  
  5eba5cf45192294a39882e3c7d23072c
- SHA1
  
  dfeceb9b9050dc825140c1553f42885b76f524dd
- SHA256
  
  d7ed2c55f333b54f85c508673b4997d62dd3d2e3ddb0a404b142560b6c70dc16
- SHA512
  
  4a5e379e5dec87bb22e248e893db19766aa12bc8f46d213eedaa0b81a4cbffa6c3a8579f2fc7ba6095eba6fcaa41ecbd03b460084e5898eba8d5efe64fcafe83
- SSDEEP
  
  12288:N9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hSz:nZ1xuVVjfFoynPaVBUR8f+kN10EBq
Score

10^/10

darkcomet myip discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometmyipdiscoveryrattrojan

behavioral2

darkcometmyipdiscoveryrattrojan