darkcomet

General

Target

JaffaCakes118_2191625d6751c72ba0d08646904bd860
Size

1.2MB
Sample

250223-wgbmksvkel
MD5

2191625d6751c72ba0d08646904bd860
SHA1

2598cfc878b9fedf2595d62f57e85186f8dd591c
SHA256

e7a42b2b7f4432a8f1d71dc5bb94b4fd9972cf068896089fe69d27de864eecff
SHA512

070722fa94563b313e91e9c8220c2b3fb9536817020e8b581464e3dfec50cfed187bc2529958723d660ccc265dbd6a59ba950e0d3344b0765f4079d21c66485c
SSDEEP

24576:bpqE6AeOLTe0mqGsLSl/i5Y9LXqlnVwD1JktnZeMnO0iCw:x8lbUjpUM

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

pown1988.no-ip.org:1027

Mutex

DC_MUTEX-9E02VN5

Attributes

gencode
n14S�MPB�V�1
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_2191625d6751c72ba0d08646904bd860
- Size
  
  1.2MB
- MD5
  
  2191625d6751c72ba0d08646904bd860
- SHA1
  
  2598cfc878b9fedf2595d62f57e85186f8dd591c
- SHA256
  
  e7a42b2b7f4432a8f1d71dc5bb94b4fd9972cf068896089fe69d27de864eecff
- SHA512
  
  070722fa94563b313e91e9c8220c2b3fb9536817020e8b581464e3dfec50cfed187bc2529958723d660ccc265dbd6a59ba950e0d3344b0765f4079d21c66485c
- SSDEEP
  
  24576:bpqE6AeOLTe0mqGsLSl/i5Y9LXqlnVwD1JktnZeMnO0iCw:x8lbUjpUM
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Darkcomet family

Executes dropped EXE

Loads dropped DLL

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2