darkcomet | ce69635f8262ee0482e2b5f06dd66f496c05c06543630f25ce530cc5ad801ac9 | Triage

Sharing

General

Target

JaffaCakes118_09f4e2ced742f8913a77ffa311eaf740
Size

721KB
Sample

250220-gbmekazjx7
MD5

09f4e2ced742f8913a77ffa311eaf740
SHA1

4fab38c7afb2ff41b9602439be100881aa5d799d
SHA256

ce69635f8262ee0482e2b5f06dd66f496c05c06543630f25ce530cc5ad801ac9
SHA512

ebc576ddd40159e31d659be78c818f0338d640760290dbd183b7fb9dd6110f5b0201c81024d464d6c11999db06eff6a6a12226aa08e7f6cb32c823b9b0ba41c6
SSDEEP

12288:TCMbgChxy1pcyyTVBOLUYrCBXNWAj9TVD1CQ6LfifMTqu3vRzM3IqOpMlGz+Hd:ThbJfxMrCBw5zdqOpGGz+H

Score

10^/10

darkcomet rudeking discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

RudeKing

C2

dofusrude.no-ip.biz:35

Mutex

DC_MUTEX-4M0YDTW

Attributes

gencode
X6c9wzwdMgVQ
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_09f4e2ced742f8913a77ffa311eaf740
- Size
  
  721KB
- MD5
  
  09f4e2ced742f8913a77ffa311eaf740
- SHA1
  
  4fab38c7afb2ff41b9602439be100881aa5d799d
- SHA256
  
  ce69635f8262ee0482e2b5f06dd66f496c05c06543630f25ce530cc5ad801ac9
- SHA512
  
  ebc576ddd40159e31d659be78c818f0338d640760290dbd183b7fb9dd6110f5b0201c81024d464d6c11999db06eff6a6a12226aa08e7f6cb32c823b9b0ba41c6
- SSDEEP
  
  12288:TCMbgChxy1pcyyTVBOLUYrCBXNWAj9TVD1CQ6LfifMTqu3vRzM3IqOpMlGz+Hd:ThbJfxMrCBw5zdqOpGGz+H
Score

10^/10

darkcomet rudeking discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometrudekingdiscoveryrattrojan

behavioral2

darkcometrudekingdiscoveryrattrojan