darkcomet | 9392c3e7eb5d72da9405be00c4051aad3234d483ac0dc27e2e477f3f0612fb5f | Triage

Sharing

General

Target

JaffaCakes118_23df78180d2bb86a5658334ea2782077
Size

604KB
Sample

250226-fyw2va1qv6
MD5

23df78180d2bb86a5658334ea2782077
SHA1

e1e7a2804a90025825fc03b912c18aa3a0591693
SHA256

9392c3e7eb5d72da9405be00c4051aad3234d483ac0dc27e2e477f3f0612fb5f
SHA512

801ecda4e4e3afcc4ecacac452313a005b1333a2b0f3c43f35158dcf4a2da51a2b389bf3d1fed870860ce688934bd9ee97c04f8415e640c4c8cc7e56fd4355d7
SSDEEP

12288:cFcLKv/oxDPFt1TQFGTxk6d91OrCEvIT7mYVJWye:rw/KdaAOmQ6k5

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

113.193.99.159:1604

Attributes

gencode
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_23df78180d2bb86a5658334ea2782077
- Size
  
  604KB
- MD5
  
  23df78180d2bb86a5658334ea2782077
- SHA1
  
  e1e7a2804a90025825fc03b912c18aa3a0591693
- SHA256
  
  9392c3e7eb5d72da9405be00c4051aad3234d483ac0dc27e2e477f3f0612fb5f
- SHA512
  
  801ecda4e4e3afcc4ecacac452313a005b1333a2b0f3c43f35158dcf4a2da51a2b389bf3d1fed870860ce688934bd9ee97c04f8415e640c4c8cc7e56fd4355d7
- SSDEEP
  
  12288:cFcLKv/oxDPFt1TQFGTxk6d91OrCEvIT7mYVJWye:rw/KdaAOmQ6k5
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan