darkcomet

General

Target

JaffaCakes118_b83040da3f1807b70073995b76f404fb
Size

1.1MB
Sample

250207-r4dcgawmfk
MD5

b83040da3f1807b70073995b76f404fb
SHA1

9b1710d570ad771bd0a193f046133757765ab2f6
SHA256

10291c9688d1b2c6b06cd10c5ef4e7a8e8d19e5b445d0f7cacae8a920b5a1bfe
SHA512

7f6f9762556e752c96e0a0b27644f03e57c5a535da1cd78a4db9d794d0be5ae711f3f61138f46f42a20a39faa7977e77f45351a672db11946cbffe3638db71b5
SSDEEP

12288:AVPFrG3e4v9x8ar3sIBR9ewSOHFMpdYNOQX7Tuz1UJSac:4keE9War3sIBR9eEl40OAl1c

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Altri x

C2

jani1991.no-ip.org:1604

Mutex

DC_MUTEX-0RF6295

Attributes

gencode
v1BAksQG+Lzi
install
false
offline_keylogger
true
password
jani1991bmw31991
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_b83040da3f1807b70073995b76f404fb
- Size
  
  1.1MB
- MD5
  
  b83040da3f1807b70073995b76f404fb
- SHA1
  
  9b1710d570ad771bd0a193f046133757765ab2f6
- SHA256
  
  10291c9688d1b2c6b06cd10c5ef4e7a8e8d19e5b445d0f7cacae8a920b5a1bfe
- SHA512
  
  7f6f9762556e752c96e0a0b27644f03e57c5a535da1cd78a4db9d794d0be5ae711f3f61138f46f42a20a39faa7977e77f45351a672db11946cbffe3638db71b5
- SSDEEP
  
  12288:AVPFrG3e4v9x8ar3sIBR9ewSOHFMpdYNOQX7Tuz1UJSac:4keE9War3sIBR9eEl40OAl1c
Score

10^/10

darkcomet altri x discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1

T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Replication Through Removable Media

1

T1091

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Darkcomet family

Executes dropped EXE

Loads dropped DLL

Drops autorun.inf file

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2