darkcomet | a9b3cfc274be141d04cb63b4c3101b4b2cd967cf6a770b40c27cb7c950728aa0 | Triage

Sharing

General

Target

JaffaCakes118_3d9f89a47b2268d26a6678837a4ba3e0
Size

293KB
Sample

250302-d6kyfatsht
MD5

3d9f89a47b2268d26a6678837a4ba3e0
SHA1

20ae02d56ba1953fd19397aaa716689dfbf2972b
SHA256

a9b3cfc274be141d04cb63b4c3101b4b2cd967cf6a770b40c27cb7c950728aa0
SHA512

499fc05f294897ee33c63cfd11d381f7c2395bb685efe1a3ab641a8f552039434068b9edddddb0e3f573bd101fd5c12a706e3821f5c5756ab4511ce7226d28ba
SSDEEP

6144:/nldWebyuSHFuk0kSxW1GKsNKw3DVZdQOMjsaLyhCSFNslg0F9/iWKrRwuU5NH:/ldWeHS8k0ksW1G1NKeDVrjMbGcge9BX

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F5Q5H43

Attributes

gencode
a2Tgo3TxLqib
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  botas_visiems/botas_visiems/botas_2.exe
- Size
  
  2KB
- MD5
  
  c180e79eea65af90ca1f11c99f5fa115
- SHA1
  
  0f8b4e3533df4109fcd720316322a4094123fa30
- SHA256
  
  40657bf5fc7ae9dd32548ba848515b6cd09da0929adc910d0210639d0f2952ee
- SHA512
  
  07e3ec6d0e696256a814ea848d7fc86851c692e9c8b9d506ea81310bcce199405b8b7db30acd47a9adf00f997d0e486108e9ddde0c00a8dc2fd2bea85303d504
Score

1^/10
behavioral1 behavioral2
- Target
  
  botas_visiems/botas_visiems/botas_visiems.exe
- Size
  
  756KB
- MD5
  
  6a455f2f7aa13acfc936b4f5ab164cd1
- SHA1
  
  783f36d846b4e19ad51e42248941791cc9dd4b01
- SHA256
  
  0eddc764234f66325b53a0450df2f18d51baa772bfa17146fe84a2ef861486f4
- SHA512
  
  d622a2d5372454d112a8350c6ce7dd38aef5382a1fc53576c29f80efb407b5de95ed13424c767adf18f51bf5ba11f13559dc4189eccdf1c87b755a637e30a9a5
- SSDEEP
  
  12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hMbU:eZ1xuVVjfFoynPaVBUR8f+kN10EBSw
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

behavioral2

behavioral3

darkcometguest16discoveryrattrojan

behavioral4

darkcometguest16discoveryrattrojan