darkcomet | 4a332591f71933b7282825965da0a6940d5892f916f2875831fbe9eddb226236 | Triage

Sharing

General

Target

JaffaCakes118_6355519ad74424ff0d253388af7843c6
Size

729KB
Sample

250102-hlryga1pdl
MD5

6355519ad74424ff0d253388af7843c6
SHA1

794d147a4e17f9e374cac731c87305365460b3f9
SHA256

4a332591f71933b7282825965da0a6940d5892f916f2875831fbe9eddb226236
SHA512

3ebc2de88c3179f075d707fdba94c4f60ef331d4c74d904557d2f6f7985d825d48ef164e72ad2e765525a1eb483bf48ae9b5ebc8efbe21d1e480b57e50b913fd
SSDEEP

12288:SCwuUJwM/FztUNLfe3qiixpvWm8UlXKKiWhHXbAOc9WQUgUPPtk4+tOQH5MCF7Ky:SFJjNztUc3cTOUlXLisAx9FUZC9Am5MK

Score

10^/10

darkcomet guest16_min discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

192.168.1.2:1604

Mutex

DCMIN_MUTEX-1D6JZMY

Attributes

gencode
goh2NYLaBQDr
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  JaffaCakes118_6355519ad74424ff0d253388af7843c6
- Size
  
  729KB
- MD5
  
  6355519ad74424ff0d253388af7843c6
- SHA1
  
  794d147a4e17f9e374cac731c87305365460b3f9
- SHA256
  
  4a332591f71933b7282825965da0a6940d5892f916f2875831fbe9eddb226236
- SHA512
  
  3ebc2de88c3179f075d707fdba94c4f60ef331d4c74d904557d2f6f7985d825d48ef164e72ad2e765525a1eb483bf48ae9b5ebc8efbe21d1e480b57e50b913fd
- SSDEEP
  
  12288:SCwuUJwM/FztUNLfe3qiixpvWm8UlXKKiWhHXbAOc9WQUgUPPtk4+tOQH5MCF7Ky:SFJjNztUc3cTOUlXLisAx9FUZC9Am5MK
Score

10^/10

darkcomet guest16_min discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_mindiscoveryrattrojan

behavioral2

darkcometguest16_mindiscoveryrattrojan