darkcomet | 830b9cffbf81524f0ca81e8447b58f8d93fdbda89b22a6d47086992549a79e04 | Triage

Sharing

General

Target

JaffaCakes118_352ebd4a22057e2b8f3ce6fd6899c18a
Size

494KB
Sample

250228-26e9yssn13
MD5

352ebd4a22057e2b8f3ce6fd6899c18a
SHA1

38f9acec0f6e6832524008376bbf415bbcac36f1
SHA256

830b9cffbf81524f0ca81e8447b58f8d93fdbda89b22a6d47086992549a79e04
SHA512

6918dbc6dfef172b75127e267a4bbf659b1425277874150658d16df19c10cbad39e044083f3be44824328396932a33ea401d7260ecfa1eeedf3ef0790be7a322
SSDEEP

12288:es5MggioAhNCWRv52sg9WLyDvW9vSSkUXDYt6/QKe6+0mPo:L5MEo8oWRx2MLd6S3Txe6Ww

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:81

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
J3AC-bq9vS6w
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_352ebd4a22057e2b8f3ce6fd6899c18a
- Size
  
  494KB
- MD5
  
  352ebd4a22057e2b8f3ce6fd6899c18a
- SHA1
  
  38f9acec0f6e6832524008376bbf415bbcac36f1
- SHA256
  
  830b9cffbf81524f0ca81e8447b58f8d93fdbda89b22a6d47086992549a79e04
- SHA512
  
  6918dbc6dfef172b75127e267a4bbf659b1425277874150658d16df19c10cbad39e044083f3be44824328396932a33ea401d7260ecfa1eeedf3ef0790be7a322
- SSDEEP
  
  12288:es5MggioAhNCWRv52sg9WLyDvW9vSSkUXDYt6/QKe6+0mPo:L5MEo8oWRx2MLd6S3Txe6Ww
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan