darkcomet

General

Target

f048edb56ed5fd14ac3d6eb0ca269d89_JaffaCakes118
Size

1.3MB
Sample

241214-xy4kcstjgr
MD5

f048edb56ed5fd14ac3d6eb0ca269d89
SHA1

d4c815ab0d74d3074d9311b5e67fff8028903717
SHA256

7f2d8f1db5b32f8d9257d2af9aec214395cb35c364d8ac66620e40f5ac3aa210
SHA512

1e924f40aaa2ee8d0c5c9ae3afcf124f2c34edea2af32d6387b26043352a974fe297f7a8325c614aad4df89fcdf21dcdf5bcce9ac17aac10c95acb2ac0482f6e
SSDEEP

24576:dthEVaPqLJh9hMvIMAY0RUHcAn6i9wQXPq2hLPzKpz5vN6mjkznF6F0eivWZub:FEVUc5hBMAYmUHcO9wS/P+z5vN6xns1A

Score

10^/10

darkcomet sg discovery rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

SG

C2

catalogs.no-ip.biz:443

Mutex

DC_MUTEX-CU72JM2

Attributes

gencode
uptaeuJ0bR8x
install
false
offline_keylogger
false
password
14531453
persistence
false

Targets

- Target
  
  f048edb56ed5fd14ac3d6eb0ca269d89_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  f048edb56ed5fd14ac3d6eb0ca269d89
- SHA1
  
  d4c815ab0d74d3074d9311b5e67fff8028903717
- SHA256
  
  7f2d8f1db5b32f8d9257d2af9aec214395cb35c364d8ac66620e40f5ac3aa210
- SHA512
  
  1e924f40aaa2ee8d0c5c9ae3afcf124f2c34edea2af32d6387b26043352a974fe297f7a8325c614aad4df89fcdf21dcdf5bcce9ac17aac10c95acb2ac0482f6e
- SSDEEP
  
  24576:dthEVaPqLJh9hMvIMAY0RUHcAn6i9wQXPq2hLPzKpz5vN6mjkznF6F0eivWZub:FEVUc5hBMAYmUHcO9wS/P+z5vN6xns1A
Score

10^/10

darkcomet sg discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Darkcomet family

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2