darkcomet | 16ea99d96c7501c6d88ac088976a0b7b07859567859d21e36115af81c2646c4f | Triage

Sharing

General

Target

JaffaCakes118_05bbb3e344ae73389d57581783d7a571
Size

664KB
Sample

250219-qsaa1a1qcs
MD5

05bbb3e344ae73389d57581783d7a571
SHA1

991e2474958d8730015016e1bd74ef95d2e8ae6d
SHA256

16ea99d96c7501c6d88ac088976a0b7b07859567859d21e36115af81c2646c4f
SHA512

2d7415c7c8da7a197caab0f287bd39921ad28b7da3932059118c2ab3ddef0edbfd22f21958c04afbe2b8e81f84477a012d840da08f19b7d658ba224c6f9cbed5
SSDEEP

12288:SPYNMzBKPMZf/WxzRZ0NlaPtEGB49xg8yhbSkCaduM7tB3B8P:qBYMUKe/B0dDkCawsBU

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

62.1.148.197:85

Mutex

DC_MUTEX-NZ4D16K

Attributes

gencode
sMS*0b.#67n�
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_05bbb3e344ae73389d57581783d7a571
- Size
  
  664KB
- MD5
  
  05bbb3e344ae73389d57581783d7a571
- SHA1
  
  991e2474958d8730015016e1bd74ef95d2e8ae6d
- SHA256
  
  16ea99d96c7501c6d88ac088976a0b7b07859567859d21e36115af81c2646c4f
- SHA512
  
  2d7415c7c8da7a197caab0f287bd39921ad28b7da3932059118c2ab3ddef0edbfd22f21958c04afbe2b8e81f84477a012d840da08f19b7d658ba224c6f9cbed5
- SSDEEP
  
  12288:SPYNMzBKPMZf/WxzRZ0NlaPtEGB49xg8yhbSkCaduM7tB3B8P:qBYMUKe/B0dDkCawsBU
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan