darkcomet | e28bc84a02e8151e658d4a288cc7a68a352020601750eb048ad0bb491db26b04 | Triage

Sharing

General

Target

ee16119ee4c7349e936af19841d5ec48_JaffaCakes118
Size

660KB
Sample

241214-lcg9fszjak
MD5

ee16119ee4c7349e936af19841d5ec48
SHA1

77b918ffeb4211a3b59376b6c95fece8bf6345e2
SHA256

e28bc84a02e8151e658d4a288cc7a68a352020601750eb048ad0bb491db26b04
SHA512

ef7d5b56fe6ec187560783e66192fbcfe3f266cb15f15cc26f7de79d16d40f2bb997b469d611b77c22b683e2b7c0dd72520a9627d24a9def0269611e88eb1af2
SSDEEP

12288:wXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uy:WnAw2WWeFcfbP9VPSPMTSPL/rWvzq4Ji

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

kazanthehacker.no-ip.biz:81

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
Gi68cl6ooDlu
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  ee16119ee4c7349e936af19841d5ec48_JaffaCakes118
- Size
  
  660KB
- MD5
  
  ee16119ee4c7349e936af19841d5ec48
- SHA1
  
  77b918ffeb4211a3b59376b6c95fece8bf6345e2
- SHA256
  
  e28bc84a02e8151e658d4a288cc7a68a352020601750eb048ad0bb491db26b04
- SHA512
  
  ef7d5b56fe6ec187560783e66192fbcfe3f266cb15f15cc26f7de79d16d40f2bb997b469d611b77c22b683e2b7c0dd72520a9627d24a9def0269611e88eb1af2
- SSDEEP
  
  12288:wXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452Uy:WnAw2WWeFcfbP9VPSPMTSPL/rWvzq4Ji
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan