darkcomet | 50d9532828525693f31e927ba9f2a2d38caf74b8e1c9909814dd1e3686aaeda5 | Triage

Sharing

General

Target

JaffaCakes118_104c792ca2e54d4ca8c48ec46dd4f1d4
Size

28KB
Sample

250122-xq61hszrdt
MD5

104c792ca2e54d4ca8c48ec46dd4f1d4
SHA1

326896140be9b2302893ed987f52ee9e062c3a63
SHA256

50d9532828525693f31e927ba9f2a2d38caf74b8e1c9909814dd1e3686aaeda5
SHA512

820bf1a09ddfcf7e62c0c0a6b023b5a2d5f6b0593c2cc0d145724c5d8e1f50fc21517d4b83bca3567e93f3f9730ec107e509ac618f6bd3ffe5b9e03ea8f40503
SSDEEP

384:j2ORD7ktAfWvWCsOYRN1HNc4AaFmXU0LroW3sPVaRkmRMFrH3bEhXeUl95m:qORD7kSfy72ahPT73sdaa6M9ryes/m

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_104c792ca2e54d4ca8c48ec46dd4f1d4
- Size
  
  28KB
- MD5
  
  104c792ca2e54d4ca8c48ec46dd4f1d4
- SHA1
  
  326896140be9b2302893ed987f52ee9e062c3a63
- SHA256
  
  50d9532828525693f31e927ba9f2a2d38caf74b8e1c9909814dd1e3686aaeda5
- SHA512
  
  820bf1a09ddfcf7e62c0c0a6b023b5a2d5f6b0593c2cc0d145724c5d8e1f50fc21517d4b83bca3567e93f3f9730ec107e509ac618f6bd3ffe5b9e03ea8f40503
- SSDEEP
  
  384:j2ORD7ktAfWvWCsOYRN1HNc4AaFmXU0LroW3sPVaRkmRMFrH3bEhXeUl95m:qORD7kSfy72ahPT73sdaa6M9ryes/m
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Server Software Component: Terminal Services DLL
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2

darkcometdiscoverypersistencerattrojan