darkcomet | d319a4ebc48855f6587fe67ec6cb4913fd24f32d9e0ea890b0bd153e37dc3114 | Triage

Sharing

General

Target

JaffaCakes118_fa8ca78452d3935ce4232fc2d2018129
Size

811KB
Sample

250214-ww16sawmfj
MD5

fa8ca78452d3935ce4232fc2d2018129
SHA1

d538d59977c55896e64d06c6bf8324fba2bcd219
SHA256

d319a4ebc48855f6587fe67ec6cb4913fd24f32d9e0ea890b0bd153e37dc3114
SHA512

52b5ff00fe38ccb764dd895bc678b4e2cf8239bcdd12f3b7e02d1408c6d342bbf9dfa9dadb37ae485d804ad4381b2ea064455912bba84d95bac0355b72ac2be2
SSDEEP

24576:SAEENIq8XwyVPQclDq/+WnpsSVD0QZh9u:SAEsw722Wnk

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

hackman.no-ip.org:1604

Mutex

DC_MUTEX-BK1UZT6

Attributes

gencode
WHlsyFSoA0Y6
install
false
offline_keylogger
true
password
0123456789
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_fa8ca78452d3935ce4232fc2d2018129
- Size
  
  811KB
- MD5
  
  fa8ca78452d3935ce4232fc2d2018129
- SHA1
  
  d538d59977c55896e64d06c6bf8324fba2bcd219
- SHA256
  
  d319a4ebc48855f6587fe67ec6cb4913fd24f32d9e0ea890b0bd153e37dc3114
- SHA512
  
  52b5ff00fe38ccb764dd895bc678b4e2cf8239bcdd12f3b7e02d1408c6d342bbf9dfa9dadb37ae485d804ad4381b2ea064455912bba84d95bac0355b72ac2be2
- SSDEEP
  
  24576:SAEENIq8XwyVPQclDq/+WnpsSVD0QZh9u:SAEsw722Wnk
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan