darkcomet | 2b1a59fed1c492054ce705fa4359d53eb89347288d9e58b6625f6065a6beaf82 | Triage

Sharing

General

Target

JaffaCakes118_063a972292abe985cf81a6d2a00e95ed
Size

734KB
Sample

250219-sp6adatmap
MD5

063a972292abe985cf81a6d2a00e95ed
SHA1

3a012675865ef0cbd2325a073956c7429f3e25b7
SHA256

2b1a59fed1c492054ce705fa4359d53eb89347288d9e58b6625f6065a6beaf82
SHA512

a34a9ac0dd0664361d39fc978eaf0488b3b6a72e2f74d5f15c6f800482736c939b8593df563b2844cbfcf5456416fe1b336498117cbad88544a57e906283ae99
SSDEEP

12288:0WwOMi9pg+Tx/Hu+5k/BwvSlFh0y7RtZC+qEJKmkv316/hCKsEGxso1vPZx4zKMo:1dG+9fumLUA+qEaKFsEgrlPdFfT

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_063a972292abe985cf81a6d2a00e95ed
- Size
  
  734KB
- MD5
  
  063a972292abe985cf81a6d2a00e95ed
- SHA1
  
  3a012675865ef0cbd2325a073956c7429f3e25b7
- SHA256
  
  2b1a59fed1c492054ce705fa4359d53eb89347288d9e58b6625f6065a6beaf82
- SHA512
  
  a34a9ac0dd0664361d39fc978eaf0488b3b6a72e2f74d5f15c6f800482736c939b8593df563b2844cbfcf5456416fe1b336498117cbad88544a57e906283ae99
- SSDEEP
  
  12288:0WwOMi9pg+Tx/Hu+5k/BwvSlFh0y7RtZC+qEJKmkv316/hCKsEGxso1vPZx4zKMo:1dG+9fumLUA+qEaKFsEgrlPdFfT
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometdiscoveryrattrojan