darkcomet | fa3ea17ebf293967c60e2104e9f0d93f3e71b13ccf7101b9ff49ecd021ea2b32 | Triage

Sharing

General

Target

JaffaCakes118_79526f842921845d1f40f311b5fdbc18
Size

658KB
Sample

250104-m5gn3awpd1
MD5

79526f842921845d1f40f311b5fdbc18
SHA1

4fc2a651e68b4619d1bc8ef14618c5115d7820ac
SHA256

fa3ea17ebf293967c60e2104e9f0d93f3e71b13ccf7101b9ff49ecd021ea2b32
SHA512

2b34405caa76f57158747cf1989c8dcf9822d3a1a4cb45a5cb5fa8e8c684999db2d63081124361e7668a41571c5cfd37f7d2403ed4606bab1aa21d801cde6ccc
SSDEEP

12288:o9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hw:cZ1xuVVjfFoynPaVBUR8f+kN10EBC

Score

10^/10

darkcomet guest16 discovery evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

79.117.209.23:1604

Mutex

DC_MUTEX-DFGNDRE

Attributes

gencode
3iaD1lZ2xpHe
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  JaffaCakes118_79526f842921845d1f40f311b5fdbc18
- Size
  
  658KB
- MD5
  
  79526f842921845d1f40f311b5fdbc18
- SHA1
  
  4fc2a651e68b4619d1bc8ef14618c5115d7820ac
- SHA256
  
  fa3ea17ebf293967c60e2104e9f0d93f3e71b13ccf7101b9ff49ecd021ea2b32
- SHA512
  
  2b34405caa76f57158747cf1989c8dcf9822d3a1a4cb45a5cb5fa8e8c684999db2d63081124361e7668a41571c5cfd37f7d2403ed4606bab1aa21d801cde6ccc
- SSDEEP
  
  12288:o9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hw:cZ1xuVVjfFoynPaVBUR8f+kN10EBC
Score

10^/10

darkcomet guest16 discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  evasion
- Windows security bypass
  evasion trojan
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16discoveryevasionrattrojan

behavioral2

darkcometguest16discoveryevasionrattrojan