darkcomet | 6127a7138e021cda4e64f0bfe0ca74c1b8a66ba5840b0d9ecff7f4096d279514 | Triage

Sharing

General

Target

a0fe55ed4b6e9f7b70c640681e7116c9_JaffaCakes118
Size

791KB
Sample

241126-kwsc4atpgx
MD5

a0fe55ed4b6e9f7b70c640681e7116c9
SHA1

5adb7ad253412cfbaefb0004fde0557449c9ce03
SHA256

6127a7138e021cda4e64f0bfe0ca74c1b8a66ba5840b0d9ecff7f4096d279514
SHA512

26c34ac7cbd7205283f95e4fc3d0208dbdac4aaf2412c54ecfec888a4bb850cae1ca32de6c2095203a7bca5c84ae923bbce66decf669837d3a4788d5e821e81f
SSDEEP

24576:vOESUc+MtiJ+kOsK70iFt8qBP7TH24v6:vJS+J+kO5t84P1

Score

10^/10

darkcomet jdb discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

JDB

C2

robbery.no-ip.org:1338

Mutex

RobEU-King

Attributes

gencode
BUyCSukijnkZ
install
false
offline_keylogger
true
password
robeu
persistence
false

Targets

- Target
  
  a0fe55ed4b6e9f7b70c640681e7116c9_JaffaCakes118
- Size
  
  791KB
- MD5
  
  a0fe55ed4b6e9f7b70c640681e7116c9
- SHA1
  
  5adb7ad253412cfbaefb0004fde0557449c9ce03
- SHA256
  
  6127a7138e021cda4e64f0bfe0ca74c1b8a66ba5840b0d9ecff7f4096d279514
- SHA512
  
  26c34ac7cbd7205283f95e4fc3d0208dbdac4aaf2412c54ecfec888a4bb850cae1ca32de6c2095203a7bca5c84ae923bbce66decf669837d3a4788d5e821e81f
- SSDEEP
  
  24576:vOESUc+MtiJ+kOsK70iFt8qBP7TH24v6:vJS+J+kO5t84P1
Score

10^/10

darkcomet jdb discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometjdbdiscoveryevasionrattrojan

behavioral2

darkcometjdbdiscoveryevasionrattrojan