darkcomet | e23b919436a3b1902366d28f958a0bd8383b5466e88e870d19c3dcc1563cd81d | Triage

Sharing

General

Target

7dfd58796622fba127c52ff8949de24c_JaffaCakes118
Size

716KB
Sample

241030-fqe4csxdjr
MD5

7dfd58796622fba127c52ff8949de24c
SHA1

3faaa6f23ab2381957ce0b64c0c41b074e6b3c05
SHA256

e23b919436a3b1902366d28f958a0bd8383b5466e88e870d19c3dcc1563cd81d
SHA512

efc53b1f8896db10b4dadd3c13c2631b7245c2538b5496c25cbc2f6a63bb9da2a38d0309040ad86c68dccdb18b4eb137586c0bc66d90332899e653d6ee7e2592
SSDEEP

12288:EZ+NiPdgvUu349qVQ26Tj3RlBecWy+AnO6ExZWM+ZEyleDYud+lTcx:2nuVvKj37ktAO6AIh2ylOecx

Score

10^/10

darkcomet guest16_min discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-B497C1N

Attributes

gencode
n3sLh5r610NL
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  7dfd58796622fba127c52ff8949de24c_JaffaCakes118
- Size
  
  716KB
- MD5
  
  7dfd58796622fba127c52ff8949de24c
- SHA1
  
  3faaa6f23ab2381957ce0b64c0c41b074e6b3c05
- SHA256
  
  e23b919436a3b1902366d28f958a0bd8383b5466e88e870d19c3dcc1563cd81d
- SHA512
  
  efc53b1f8896db10b4dadd3c13c2631b7245c2538b5496c25cbc2f6a63bb9da2a38d0309040ad86c68dccdb18b4eb137586c0bc66d90332899e653d6ee7e2592
- SSDEEP
  
  12288:EZ+NiPdgvUu349qVQ26Tj3RlBecWy+AnO6ExZWM+ZEyleDYud+lTcx:2nuVvKj37ktAO6AIh2ylOecx
Score

10^/10

darkcomet guest16_min discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_mindiscoveryrattrojan

behavioral2

darkcometguest16_mindiscoveryrattrojan