darkcomet | 59ae1fd3266a3503bd837d5ce9716a4153b457437be4f0a3c70a3766f3538031 | Triage

Sharing

General

Target

JaffaCakes118_06a27c931ee482bb946b2f4adb0cb07c
Size

290KB
Sample

250121-w6895sxkdk
MD5

06a27c931ee482bb946b2f4adb0cb07c
SHA1

f9cea932ed3c11d1ef35b8d4bd18156b0fd21356
SHA256

59ae1fd3266a3503bd837d5ce9716a4153b457437be4f0a3c70a3766f3538031
SHA512

d5e3530e1a2d2530f13ae07161389543b996316873509a5580ab37ecd902b17ee16e5a167bd4513ec6d716fa1439d7c4f39d6ceb479c4af8c79c98a4a5b7f3ce
SSDEEP

6144:60vvw9iMcp8QWdAWTqpjFotsNKyzYZdQOMjsaLyhCSFNslg0F9/iWKrlGxIMBU/M:6eIwNYTAoONKGYrjMbGcge9BYT/M

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

forced2.no-ip.org:1604

Mutex

DC_MUTEX-YB8EU5G

Attributes

gencode
aEDf7HphyETx
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  Force OP.exe
- Size
  
  699KB
- MD5
  
  ac0852f82b554dd56a8c27ab6947bb9c
- SHA1
  
  9b6d4c0ffd568861d89ad02abfb685ac4f4502a8
- SHA256
  
  a84d2d10941f536d9a6cbc3a204fe1bf647786324a285085f26dae741cc82b8f
- SHA512
  
  52be91072a71fe7db3f5837d60754355b42a5735372a618a8af8bcbde8fc614f259abce7ba0ef18cb9cab480cf5357e7d0a0495e7febcbd71cbc3d88e2be6acc
- SSDEEP
  
  12288:V9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h1as+P:fZ1xuVVjfFoynPaVBUR8f+kN10EBi
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan