darkcomet

General

Target

JaffaCakes118_0f73ca22598dad6b63a6576f19057f10
Size

728KB
Sample

250221-b6hrza1rx5
MD5

0f73ca22598dad6b63a6576f19057f10
SHA1

aeadc3780531210483fdf77384f3bb12448dbc15
SHA256

e10d71ac05a2630ed4f2df399dba0e8ee9b37420de11eebd0235f1083ee563f0
SHA512

602896d479d55d40b055f77e32bba4ee38df1a443a5279cf0509cf5577326a7832f1c9f7cac413f05e35c5566cb6f8cb9764cae67ccaee106ddc8ef6e86d953e
SSDEEP

12288:jQ9HfQJn2ATw0cG+Hk5FyqGio/2AepkotKuPEqvL5JGeZzWeLT9Stb:5Jn2ATw0cG+5epJvPEqvtz/H96

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Test lan

C2

172.16.47.145:3333

Mutex

DCMIN_MUTEX-2WXMAT4

Attributes

gencode
bi8opMqkTPT5
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_0f73ca22598dad6b63a6576f19057f10
- Size
  
  728KB
- MD5
  
  0f73ca22598dad6b63a6576f19057f10
- SHA1
  
  aeadc3780531210483fdf77384f3bb12448dbc15
- SHA256
  
  e10d71ac05a2630ed4f2df399dba0e8ee9b37420de11eebd0235f1083ee563f0
- SHA512
  
  602896d479d55d40b055f77e32bba4ee38df1a443a5279cf0509cf5577326a7832f1c9f7cac413f05e35c5566cb6f8cb9764cae67ccaee106ddc8ef6e86d953e
- SSDEEP
  
  12288:jQ9HfQJn2ATw0cG+Hk5FyqGio/2AepkotKuPEqvL5JGeZzWeLT9Stb:5Jn2ATw0cG+5epJvPEqvtz/H96
Score

10^/10

darkcomet test lan discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Darkcomet family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2