darkcomet

General

Target

efe27fd5739f37d46e1f9fc7c3ccad58_JaffaCakes118
Size

533KB
Sample

241214-vz6d8s1kcp
MD5

efe27fd5739f37d46e1f9fc7c3ccad58
SHA1

7ab9cc88e288e58a29b253058f13ffd85d844f1e
SHA256

735a0da4d37b839e6385f08203527f0a21b8a5b0e024722fc4bcf63872e72064
SHA512

90db33784954e776f65e51f721641c47372ac8e7481e3f0ebaa6c6611d54ded34fa2414347b3b21c9f75236a2077f7ab6397fb518740dfee2e69151df12b63d5
SSDEEP

12288:PoOgS41Ye4ypiMXsIhvhWieV6C3B3oeyhRJPFRzRUjQKXNKzSoh:PoOgH1HxJHhpWD8GBYXvqtkzSS

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

funnyrat.zapto.org:1604

Mutex

DC_MUTEX-ZG2C840

Attributes

gencode
oskYAaPAtleh
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  efe27fd5739f37d46e1f9fc7c3ccad58_JaffaCakes118
- Size
  
  533KB
- MD5
  
  efe27fd5739f37d46e1f9fc7c3ccad58
- SHA1
  
  7ab9cc88e288e58a29b253058f13ffd85d844f1e
- SHA256
  
  735a0da4d37b839e6385f08203527f0a21b8a5b0e024722fc4bcf63872e72064
- SHA512
  
  90db33784954e776f65e51f721641c47372ac8e7481e3f0ebaa6c6611d54ded34fa2414347b3b21c9f75236a2077f7ab6397fb518740dfee2e69151df12b63d5
- SSDEEP
  
  12288:PoOgS41Ye4ypiMXsIhvhWieV6C3B3oeyhRJPFRzRUjQKXNKzSoh:PoOgH1HxJHhpWD8GBYXvqtkzSS
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Darkcomet family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2