darkcomet | 42cc3ae904181c002ea0068d59e427b64a231bcf6f4ed317325fdbcfe5cacfc6 | Triage

Sharing

General

Target

JaffaCakes118_b92c1aa12453bbacd58af46814741c74
Size

754KB
Sample

250207-t53d4azqal
MD5

b92c1aa12453bbacd58af46814741c74
SHA1

3ff75c80fec047fc1c99d05a62bbd1a0debb1d6d
SHA256

42cc3ae904181c002ea0068d59e427b64a231bcf6f4ed317325fdbcfe5cacfc6
SHA512

fcd3aca0758930b13efa0bd65a83277a9f8e45b11083455ddd9ab6a6cb7082fcecec28481e5cb03fcb558c7163574e42823b678e9974b21304424284f104c57d
SSDEEP

12288:/reVQkTrvj4Vd6azYeAYUQeLRzmec+IUS63UIsVOqMofvmyb8FkZGoQw7Yp+zFtA:/OQkTf4P/jgQ2zmecrOkOqMofOyb6QtA

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

68.144.181.57:555

Mutex

DC_MUTEX-DE8M37P

Attributes

InstallPath
MultiMS\MultiMS.exe
gencode
�VaBEE/VoawJ
install
true
offline_keylogger
true
persistence
false
reg_key
MultiMS

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_b92c1aa12453bbacd58af46814741c74
- Size
  
  754KB
- MD5
  
  b92c1aa12453bbacd58af46814741c74
- SHA1
  
  3ff75c80fec047fc1c99d05a62bbd1a0debb1d6d
- SHA256
  
  42cc3ae904181c002ea0068d59e427b64a231bcf6f4ed317325fdbcfe5cacfc6
- SHA512
  
  fcd3aca0758930b13efa0bd65a83277a9f8e45b11083455ddd9ab6a6cb7082fcecec28481e5cb03fcb558c7163574e42823b678e9974b21304424284f104c57d
- SSDEEP
  
  12288:/reVQkTrvj4Vd6azYeAYUQeLRzmec+IUS63UIsVOqMofvmyb8FkZGoQw7Yp+zFtA:/OQkTf4P/jgQ2zmecrOkOqMofOyb6QtA
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Downloads MZ/PE file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan