darkcomet

General

Target

fe83819d78bf2fad1963242af6b9c1d8_JaffaCakes118
Size

1.1MB
Sample

241219-fhlwyazndr
MD5

fe83819d78bf2fad1963242af6b9c1d8
SHA1

b43230a1aa17fa179ecc57cb4f99f0458900fd15
SHA256

e2bdc260f9f34b63d35905ac429ffd0a6832f73ad0bcbb68f7550cff9773cfa9
SHA512

4c6f7a410d257bba6d27a45ae771fa1a2989b3ab531f3b70e6d77f8bc153c1548cdfb8b6ca7f76d87ba93b914f92dfa168fee9e80eb40633bc38e3f91ed990a3
SSDEEP

24576:DSHN+a9C2Atjh5Hk4oOBKqn5vEgumMxJ3FSh:e+SC2Avd9BKqhEg4xNF

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

CleanRat

C2

108.83.21.169:1604

Mutex

DC_MUTEX-33M6NAQ

Attributes

gencode
FYSLFJqxqPY0
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  fe83819d78bf2fad1963242af6b9c1d8_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  fe83819d78bf2fad1963242af6b9c1d8
- SHA1
  
  b43230a1aa17fa179ecc57cb4f99f0458900fd15
- SHA256
  
  e2bdc260f9f34b63d35905ac429ffd0a6832f73ad0bcbb68f7550cff9773cfa9
- SHA512
  
  4c6f7a410d257bba6d27a45ae771fa1a2989b3ab531f3b70e6d77f8bc153c1548cdfb8b6ca7f76d87ba93b914f92dfa168fee9e80eb40633bc38e3f91ed990a3
- SSDEEP
  
  24576:DSHN+a9C2Atjh5Hk4oOBKqn5vEgumMxJ3FSh:e+SC2Avd9BKqhEg4xNF
Score

10^/10

darkcomet cleanrat discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Darkcomet family

Executes dropped EXE

Loads dropped DLL

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2