darkcomet | 415094e4bd0111d2d2c99ea3f095bd37cc3de28c6c4e754f78c4a97f8cbdb9bb | Triage

Sharing

General

Target

JaffaCakes118_b7003b8e8a86ff5bea901992f827098a
Size

261KB
Sample

250207-pnymcs1rhn
MD5

b7003b8e8a86ff5bea901992f827098a
SHA1

cbae78d823feeb62b4f71044ad21ed24f872d3ec
SHA256

415094e4bd0111d2d2c99ea3f095bd37cc3de28c6c4e754f78c4a97f8cbdb9bb
SHA512

999340785c5e81467e612f7dc97512bf125fe08f4c260939c212a0d89e40d77a33385f0ab94e31ed5229a37d9d04ab98dc883a405d3102c96516713dd2d0748e
SSDEEP

6144:ChY9ue9qNntcccO2MDQDwKelzF0nmLm+NT+p:zD8tg7wx3BK

Score

10^/10

darkcomet guest1 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest1

C2

contentcache.sytes.net:34614

Mutex

DC_MUTEX-9A95PWA

Attributes

InstallPath
windupdt\svchost.exe
gencode
V91A9/GE#zBH
install
true
offline_keylogger
true
persistence
true
reg_key
svchost

rc4.plain

Targets

- Target
  
  JaffaCakes118_b7003b8e8a86ff5bea901992f827098a
- Size
  
  261KB
- MD5
  
  b7003b8e8a86ff5bea901992f827098a
- SHA1
  
  cbae78d823feeb62b4f71044ad21ed24f872d3ec
- SHA256
  
  415094e4bd0111d2d2c99ea3f095bd37cc3de28c6c4e754f78c4a97f8cbdb9bb
- SHA512
  
  999340785c5e81467e612f7dc97512bf125fe08f4c260939c212a0d89e40d77a33385f0ab94e31ed5229a37d9d04ab98dc883a405d3102c96516713dd2d0748e
- SSDEEP
  
  6144:ChY9ue9qNntcccO2MDQDwKelzF0nmLm+NT+p:zD8tg7wx3BK
Score

10^/10

darkcomet guest1 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest1discoveryrattrojan

behavioral2

darkcometguest1discoveryrattrojan