darkcomet | 1ff15bcabbaaa24b127d42affab23bd0fdd73c121b7c8cf1e5c8b00a9bbdfd64 | Triage

Sharing

General

Target

JaffaCakes118_030e2850dc74d5520b49a07e093a3956
Size

696KB
Sample

250112-agwrvsyjer
MD5

030e2850dc74d5520b49a07e093a3956
SHA1

f848b63bf4505706e437319d31ee4805582e907e
SHA256

1ff15bcabbaaa24b127d42affab23bd0fdd73c121b7c8cf1e5c8b00a9bbdfd64
SHA512

a90e6dd45a90efb924dde4b4f486566f2387720050069d3e9667d0985fa1224499f9a2e992b175aa49a2e1fbb5bd4f3ff82d24579889c07796172bdc214cd51f
SSDEEP

12288:eVZ1I8UePStKOWluVIA0Cf2hKPuIfgBuwRZMqB0rMpJrZ:a1NP0Ouyt8MsuI4B4qqar

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_030e2850dc74d5520b49a07e093a3956
- Size
  
  696KB
- MD5
  
  030e2850dc74d5520b49a07e093a3956
- SHA1
  
  f848b63bf4505706e437319d31ee4805582e907e
- SHA256
  
  1ff15bcabbaaa24b127d42affab23bd0fdd73c121b7c8cf1e5c8b00a9bbdfd64
- SHA512
  
  a90e6dd45a90efb924dde4b4f486566f2387720050069d3e9667d0985fa1224499f9a2e992b175aa49a2e1fbb5bd4f3ff82d24579889c07796172bdc214cd51f
- SSDEEP
  
  12288:eVZ1I8UePStKOWluVIA0Cf2hKPuIfgBuwRZMqB0rMpJrZ:a1NP0Ouyt8MsuI4B4qqar
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometdiscoveryrattrojan