darkcomet | b261fde18bdb6416d9038ca989af09f41b8fe5439ddcc722649b857523af7fe9 | Triage

Sharing

General

Target

8139b4db9246ab5705760f0dd3f857c3_JaffaCakes118
Size

818KB
Sample

241031-czbkraypgq
MD5

8139b4db9246ab5705760f0dd3f857c3
SHA1

3ed85758a5ff1ac5f51dbb15ee92ae581bbe048e
SHA256

b261fde18bdb6416d9038ca989af09f41b8fe5439ddcc722649b857523af7fe9
SHA512

d4a9f48b5cd3f2c0d38432ce3ab844390709e6b52e6ff1dc0b451800211add3cb0c15a169cd3ca1ead5ab0e6163dd2803b26dc62664b3a93b3b8e87201ff7865
SSDEEP

12288:XrAbyKokhLjb24pK25x+dNkESix4L2K8ys2rorU53z1Fkg5adYFstkADvbV879a:0N924Q25xMV4LGys2/Zvkg2LtB/V87

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-S88R3S5

Attributes

gencode
t9fKBABKLzbd
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  8139b4db9246ab5705760f0dd3f857c3_JaffaCakes118
- Size
  
  818KB
- MD5
  
  8139b4db9246ab5705760f0dd3f857c3
- SHA1
  
  3ed85758a5ff1ac5f51dbb15ee92ae581bbe048e
- SHA256
  
  b261fde18bdb6416d9038ca989af09f41b8fe5439ddcc722649b857523af7fe9
- SHA512
  
  d4a9f48b5cd3f2c0d38432ce3ab844390709e6b52e6ff1dc0b451800211add3cb0c15a169cd3ca1ead5ab0e6163dd2803b26dc62664b3a93b3b8e87201ff7865
- SSDEEP
  
  12288:XrAbyKokhLjb24pK25x+dNkESix4L2K8ys2rorU53z1Fkg5adYFstkADvbV879a:0N924Q25xMV4LGys2/Zvkg2LtB/V87
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan