darkcomet

General

Target

JaffaCakes118_b8b7fae705d458b74618156e93bc104a
Size

895KB
Sample

250207-s6681awrgv
MD5

b8b7fae705d458b74618156e93bc104a
SHA1

e09fe0f8e491decabb38b4912597f5ec813e0eee
SHA256

23af7f64e1144b357de5f6fcc4424592dd188ab1a6b8d55dee57cfc53e72c14d
SHA512

37af34ccb5a610de3e6a3d3e53cf497332c94315bd52baff14ab3f2fa614d5bfc0a73b7a9c57fed5b399e2003c929c1f6d44baa7638cb95613813b49e86facce
SSDEEP

24576:+0NLb30W+Jab44G8tBwkNQ5CjSvu5jVe4vS:fL/+JAK1

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

pingu4host.no-ip.info:1604

Mutex

dsfgdfgTEX-0D5GL27

Attributes

gencode
GJCX9mzH1vsX
install
false
offline_keylogger
true
password
$change%$
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_b8b7fae705d458b74618156e93bc104a
- Size
  
  895KB
- MD5
  
  b8b7fae705d458b74618156e93bc104a
- SHA1
  
  e09fe0f8e491decabb38b4912597f5ec813e0eee
- SHA256
  
  23af7f64e1144b357de5f6fcc4424592dd188ab1a6b8d55dee57cfc53e72c14d
- SHA512
  
  37af34ccb5a610de3e6a3d3e53cf497332c94315bd52baff14ab3f2fa614d5bfc0a73b7a9c57fed5b399e2003c929c1f6d44baa7638cb95613813b49e86facce
- SSDEEP
  
  24576:+0NLb30W+Jab44G8tBwkNQ5CjSvu5jVe4vS:fL/+JAK1
Score

10^/10

darkcomet guest16 discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Darkcomet family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2