darkcomet

General

Target

7cfb602fba2283c98ca2890d342f95fd_JaffaCakes118
Size

339KB
Sample

241029-2lcnbssndm
MD5

7cfb602fba2283c98ca2890d342f95fd
SHA1

482e8600cc4f79159f68b6c1b8df6d1811ed107a
SHA256

2432b6162e67009a808cef4b72c678c29843e450457f6a07c789a8ba35695051
SHA512

91e61a5a5207a3ffcf2d714ed79622bed743b715a685d82a2931e9ed9540f52f9a517c6dcaed8359bfdeeb442deb061a31ef9f9644f0dbe9ecc2cae34224559f
SSDEEP

6144:xyutuIclgSHwqSccPQiNoG2pNw8P2h7t7tmpEgKFHrd7cBio7opjz:MHxgSHsceQiNoG2sFqEg+Zlo7opjz

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Victim

C2

truehack.no-ip.biz:3080

Mutex

DC_MUTEX-A3WT0S0

Attributes

gencode
KTfhrGxQkhEJ
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  7cfb602fba2283c98ca2890d342f95fd_JaffaCakes118
- Size
  
  339KB
- MD5
  
  7cfb602fba2283c98ca2890d342f95fd
- SHA1
  
  482e8600cc4f79159f68b6c1b8df6d1811ed107a
- SHA256
  
  2432b6162e67009a808cef4b72c678c29843e450457f6a07c789a8ba35695051
- SHA512
  
  91e61a5a5207a3ffcf2d714ed79622bed743b715a685d82a2931e9ed9540f52f9a517c6dcaed8359bfdeeb442deb061a31ef9f9644f0dbe9ecc2cae34224559f
- SSDEEP
  
  6144:xyutuIclgSHwqSccPQiNoG2pNw8P2h7t7tmpEgKFHrd7cBio7opjz:MHxgSHsceQiNoG2sFqEg+Zlo7opjz
Score

10^/10

darkcomet victim discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Darkcomet family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2