darkcomet | 23d42e74fb70888be68f20167e17902dda52714fc04bfeb56c3ae0fc8e3f4cdb | Triage

Sharing

General

Target

JaffaCakes118_0f9b1b903ecc65861f9079dd4ec9d3d0
Size

647KB
Sample

250221-crc4ls1kan
MD5

0f9b1b903ecc65861f9079dd4ec9d3d0
SHA1

117bb74893c5ff51c40bd7de73f5004a112cbc3f
SHA256

23d42e74fb70888be68f20167e17902dda52714fc04bfeb56c3ae0fc8e3f4cdb
SHA512

f410c827a5717271e8159b4b9c626e606e7c7a3b50bc6c951f400580ab8d55b89511d6a873df56ffd1166ceb75b0cf44289da9698410686a5831971005a69b44
SSDEEP

12288:46A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhaQ:9AmBpVKHu0Mu9Xo20VGLVP5aQ

Score

10^/10

darkcomet vctm discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

vctm

C2

annodomini1771.no-ip.info:1604

Mutex

DC_MUTEX-87TC1VU

Attributes

gencode
PnyN4ee$TXTM
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_0f9b1b903ecc65861f9079dd4ec9d3d0
- Size
  
  647KB
- MD5
  
  0f9b1b903ecc65861f9079dd4ec9d3d0
- SHA1
  
  117bb74893c5ff51c40bd7de73f5004a112cbc3f
- SHA256
  
  23d42e74fb70888be68f20167e17902dda52714fc04bfeb56c3ae0fc8e3f4cdb
- SHA512
  
  f410c827a5717271e8159b4b9c626e606e7c7a3b50bc6c951f400580ab8d55b89511d6a873df56ffd1166ceb75b0cf44289da9698410686a5831971005a69b44
- SSDEEP
  
  12288:46A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhaQ:9AmBpVKHu0Mu9Xo20VGLVP5aQ
Score

10^/10

darkcomet vctm discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometvctmdiscoveryrattrojan

behavioral2

darkcometvctmdiscoveryrattrojan