darkcomet

General

Target

8adf13c72686823f516769275ddf5add_JaffaCakes118
Size

544KB
Sample

241103-lyq4gszrhv
MD5

8adf13c72686823f516769275ddf5add
SHA1

93c652bc57d2ba7e4e0caaed53fcceb010459207
SHA256

d38a0f4c69019c49d16c343d4f00285ab02f84e39bc696503af5b5d7ca8199f1
SHA512

77eb1d12e30a425e56e099fa31f5f6b5fe26ad5e7ae5d39982f7f5ced8283cce2c01d2eaaa50ff5678361a4d8aaf33fde8be698c5b9952e5a8a8a0a4c3f3d52a
SSDEEP

12288:6rJwG6InTKdjOkCMNE0RBqvQADJoWySZ:mJfTeCMxBqIafy

Score

10^/10

darkcomet hf discovery rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

HF

C2

kronor.no-ip.biz:1604

Mutex

DC_MUTEX-R623E2R

Attributes

gencode
qkPExrxvsr84
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  8adf13c72686823f516769275ddf5add_JaffaCakes118
- Size
  
  544KB
- MD5
  
  8adf13c72686823f516769275ddf5add
- SHA1
  
  93c652bc57d2ba7e4e0caaed53fcceb010459207
- SHA256
  
  d38a0f4c69019c49d16c343d4f00285ab02f84e39bc696503af5b5d7ca8199f1
- SHA512
  
  77eb1d12e30a425e56e099fa31f5f6b5fe26ad5e7ae5d39982f7f5ced8283cce2c01d2eaaa50ff5678361a4d8aaf33fde8be698c5b9952e5a8a8a0a4c3f3d52a
- SSDEEP
  
  12288:6rJwG6InTKdjOkCMNE0RBqvQADJoWySZ:mJfTeCMxBqIafy
Score

10^/10

darkcomet hf discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Darkcomet family

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2