darkcomet | 2e5caca965de7bddb5556f8e5cec84b12d8f3b9741b2939cc0ef945dca10c415 | Triage

Sharing

General

Target

JaffaCakes118_21e4041511c1418e868c37b0e5749915
Size

1.1MB
Sample

250225-crz85swny6
MD5

21e4041511c1418e868c37b0e5749915
SHA1

47337e5ca816043713c8591988b07e21a21bdbf0
SHA256

2e5caca965de7bddb5556f8e5cec84b12d8f3b9741b2939cc0ef945dca10c415
SHA512

733b9277df7362d96db55aca3a4ac251b7e3e82a4e2b2daf68eab9df7217297e92545f04daa3a16c350581447f288e1d418971a8cebd7d9c6f3a4ab48377aad2
SSDEEP

24576:F7KLsDg7cNgf1sYUaW6FLHqqRUcRSy4I3U49z:SsI9sYUaW6FL3ky4mU49z

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

serverupdate7.hopto.org:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
9$/+qnzYFyQ6
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_21e4041511c1418e868c37b0e5749915
- Size
  
  1.1MB
- MD5
  
  21e4041511c1418e868c37b0e5749915
- SHA1
  
  47337e5ca816043713c8591988b07e21a21bdbf0
- SHA256
  
  2e5caca965de7bddb5556f8e5cec84b12d8f3b9741b2939cc0ef945dca10c415
- SHA512
  
  733b9277df7362d96db55aca3a4ac251b7e3e82a4e2b2daf68eab9df7217297e92545f04daa3a16c350581447f288e1d418971a8cebd7d9c6f3a4ab48377aad2
- SSDEEP
  
  24576:F7KLsDg7cNgf1sYUaW6FLHqqRUcRSy4I3U49z:SsI9sYUaW6FL3ky4mU49z
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan