darkcomet | 8673aa86842c751576ee32134be7a69f183e03b7d1aaba21e59210324701b7f0 | Triage

Sharing

General

Target

JaffaCakes118_4055b89432a840cfef231f832a440cc0
Size

701KB
Sample

250302-p3w23svvcz
MD5

4055b89432a840cfef231f832a440cc0
SHA1

ae23a8c8399ff0f712001efce7fe86fd2ec1ee80
SHA256

8673aa86842c751576ee32134be7a69f183e03b7d1aaba21e59210324701b7f0
SHA512

b9ec8f67e9a7a520060a7116d05e3763f7490eb1f180316d7a10128023ae82c7620716a987fb8f6dd01639e9317c2db6fa5d81da143ef99fddce59e1e531c570
SSDEEP

12288:/pWWs+DC/OQj6UINMCJZulbF5yc9CYr0jlWvJWQe5zCIWECSZP:oWRDWPp99n0jlQJje5OIWZSZP

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

192.168.1.10:1604

Mutex

DC_MUTEX-9WVWWSG

Attributes

gencode
FTExpWiTDMvY
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_4055b89432a840cfef231f832a440cc0
- Size
  
  701KB
- MD5
  
  4055b89432a840cfef231f832a440cc0
- SHA1
  
  ae23a8c8399ff0f712001efce7fe86fd2ec1ee80
- SHA256
  
  8673aa86842c751576ee32134be7a69f183e03b7d1aaba21e59210324701b7f0
- SHA512
  
  b9ec8f67e9a7a520060a7116d05e3763f7490eb1f180316d7a10128023ae82c7620716a987fb8f6dd01639e9317c2db6fa5d81da143ef99fddce59e1e531c570
- SSDEEP
  
  12288:/pWWs+DC/OQj6UINMCJZulbF5yc9CYr0jlWvJWQe5zCIWECSZP:oWRDWPp99n0jlQJje5OIWZSZP
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Drops file in Drivers directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan