darkcomet | 948d08f4f06424bc8e0414ca7e6bbbe7ee5d864f7d8f3a712b74cd69caaad6a8 | Triage

Sharing

General

Target

6bc69964a238f1382f4b0d8ce2fd7029_JaffaCakes118
Size

747KB
Sample

241022-y18grssbla
MD5

6bc69964a238f1382f4b0d8ce2fd7029
SHA1

2eea26e5197cde6fc2824384d215ed71a12b41d5
SHA256

948d08f4f06424bc8e0414ca7e6bbbe7ee5d864f7d8f3a712b74cd69caaad6a8
SHA512

80e6e7f9b79e0469481f07625fb82c02c0769805a4dfe18941ef34dd092b8e28e9a2fda4aaed2e0a92574f3f8757cc7c91140699038b0c9def298fe200b63d00
SSDEEP

12288:nk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/++vvNVRV:k0QRWoJEfg0oChGdJQbjPbNW5tYeP+GZ

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

68.38.146.161:82

Mutex

DC_MUTEX-KU2FVVH

Attributes

gencode
lEVZBA6zkcff
install
false
offline_keylogger
true
password
123456
persistence
false

Targets

- Target
  
  6bc69964a238f1382f4b0d8ce2fd7029_JaffaCakes118
- Size
  
  747KB
- MD5
  
  6bc69964a238f1382f4b0d8ce2fd7029
- SHA1
  
  2eea26e5197cde6fc2824384d215ed71a12b41d5
- SHA256
  
  948d08f4f06424bc8e0414ca7e6bbbe7ee5d864f7d8f3a712b74cd69caaad6a8
- SHA512
  
  80e6e7f9b79e0469481f07625fb82c02c0769805a4dfe18941ef34dd092b8e28e9a2fda4aaed2e0a92574f3f8757cc7c91140699038b0c9def298fe200b63d00
- SSDEEP
  
  12288:nk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/++vvNVRV:k0QRWoJEfg0oChGdJQbjPbNW5tYeP+GZ
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan