darkcomet

General

Target

JaffaCakes118_055b24b64906702262f4cbeebf4943dd
Size

432KB
Sample

250219-n9wt8asj16
MD5

055b24b64906702262f4cbeebf4943dd
SHA1

d90f79213f884ae09599eb0ef5e2c14c2c79b4b9
SHA256

794cfca3490a6e2723d0b01585e6cbf781ea1127dc21b00c9d2e2f49b2d7b697
SHA512

75b9516c01fd73e4a0a120e427ed34a900588b2cb0836cf97d6087d779053cb076da0ab23ec05323f38231fed7fe9decb1c3786bf2384b88d9c5bdc0e5ca2b3f
SSDEEP

12288:URFj6nWjyFZTeKwJLfN02V4SiaDwREeDdTQNa8bu:/n+qZSKw7D0TE1bu

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

chitan.myftp.org:1111

Mutex

DC_MUTEX-K56QS73

Attributes

gencode
7oY9g+pgDXLD
install
false
offline_keylogger
false
password
hakima
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_055b24b64906702262f4cbeebf4943dd
- Size
  
  432KB
- MD5
  
  055b24b64906702262f4cbeebf4943dd
- SHA1
  
  d90f79213f884ae09599eb0ef5e2c14c2c79b4b9
- SHA256
  
  794cfca3490a6e2723d0b01585e6cbf781ea1127dc21b00c9d2e2f49b2d7b697
- SHA512
  
  75b9516c01fd73e4a0a120e427ed34a900588b2cb0836cf97d6087d779053cb076da0ab23ec05323f38231fed7fe9decb1c3786bf2384b88d9c5bdc0e5ca2b3f
- SSDEEP
  
  12288:URFj6nWjyFZTeKwJLfN02V4SiaDwREeDdTQNa8bu:/n+qZSKw7D0TE1bu
Score

10^/10

darkcomet guest16 aspackv2 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Darkcomet family

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2