darkcomet

General

Target

JaffaCakes118_303751bcf4517eeddf5920ff491d5cbd
Size

655KB
Sample

250227-3j1stas1f1
MD5

303751bcf4517eeddf5920ff491d5cbd
SHA1

0d2e3554918907d6f90a722a6579e047e29545c4
SHA256

79d109267b68ce87a577d79fc23b4c0a9491915ff2d1fd11dc270d608f679653
SHA512

6ff1124acd386214249beab58142841fc405a6f64121f7e40938655af6563ba934cfc8da76bee2c94f47d87f77ff074566232e859a82570721eff115d239c3f8
SSDEEP

12288:jpwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIkn/r:lwAcu99lPzvxP+Bsz2XjWTRMQckkIknD

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

afkalkflcxvxcv.redirectme.net:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
�G.e==B0l$Ko
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_303751bcf4517eeddf5920ff491d5cbd
- Size
  
  655KB
- MD5
  
  303751bcf4517eeddf5920ff491d5cbd
- SHA1
  
  0d2e3554918907d6f90a722a6579e047e29545c4
- SHA256
  
  79d109267b68ce87a577d79fc23b4c0a9491915ff2d1fd11dc270d608f679653
- SHA512
  
  6ff1124acd386214249beab58142841fc405a6f64121f7e40938655af6563ba934cfc8da76bee2c94f47d87f77ff074566232e859a82570721eff115d239c3f8
- SSDEEP
  
  12288:jpwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIkn/r:lwAcu99lPzvxP+Bsz2XjWTRMQckkIknD
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Darkcomet family

Checks BIOS information in registry

Loads dropped DLL

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2