darkcomet | 10c611a91e873a2ca75ed2bb5b9ea171230b3568b85c494309e7b1af9b104cd5 | Triage

Sharing

General

Target

JaffaCakes118_042b519fea63b319f550f3fe347c4fcc
Size

695KB
Sample

250219-jfcf9ssps5
MD5

042b519fea63b319f550f3fe347c4fcc
SHA1

c043df2da14e88dc1576fbab9bc93df91a573d0c
SHA256

10c611a91e873a2ca75ed2bb5b9ea171230b3568b85c494309e7b1af9b104cd5
SHA512

9ae39be49fd5b56b097aae991b56deee765a1439919e8d78d4f72c5e80c13be12807e530395d5718cd30a74f046dd074b06cc86ab4a896db45c095b948d5e2ab
SSDEEP

12288:NJ6i828AWSUJ0bJldsnDZE+fbcWyAUVZ9B5W2JXyWVTm3B32iPUd1CT3G5kneR4:76iH8AXUJ0tjUDXcrAsDW2tyWVTm3BGC

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

84.169.70.18:1604

127.0.0.1:1604

192.168.2.100:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
p5mqjs5.Tw�c
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_042b519fea63b319f550f3fe347c4fcc
- Size
  
  695KB
- MD5
  
  042b519fea63b319f550f3fe347c4fcc
- SHA1
  
  c043df2da14e88dc1576fbab9bc93df91a573d0c
- SHA256
  
  10c611a91e873a2ca75ed2bb5b9ea171230b3568b85c494309e7b1af9b104cd5
- SHA512
  
  9ae39be49fd5b56b097aae991b56deee765a1439919e8d78d4f72c5e80c13be12807e530395d5718cd30a74f046dd074b06cc86ab4a896db45c095b948d5e2ab
- SSDEEP
  
  12288:NJ6i828AWSUJ0bJldsnDZE+fbcWyAUVZ9B5W2JXyWVTm3B32iPUd1CT3G5kneR4:76iH8AXUJ0tjUDXcrAsDW2tyWVTm3BGC
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan