darkcomet | 88578732fb5742287bee43d6fd2db98053e292811173a3bb5947d3c00b0cdd22 | Triage

Sharing

General

Target

JaffaCakes118_77c2a1bcb08f77dd1716b3ea5ec67445
Size

635KB
Sample

250315-yt2qmswjz4
MD5

77c2a1bcb08f77dd1716b3ea5ec67445
SHA1

274e9ef34bf7155d764f05f1135fd6dd5a4ce371
SHA256

88578732fb5742287bee43d6fd2db98053e292811173a3bb5947d3c00b0cdd22
SHA512

7a8de18a50c3da856e83fb7bb4d3159a4ebe823ceba5be1e40b1e1303e005989847574dc79b6a9c7951e34c2878a1784aa827ff3f9026cd70b10e4f244638a28
SSDEEP

12288:gpwABK90BOeFx9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/L:awAcuz9lPzvxP+Bsz2XjWTRMQckkIXnz

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
FA�o1KhH/jbF
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_77c2a1bcb08f77dd1716b3ea5ec67445
- Size
  
  635KB
- MD5
  
  77c2a1bcb08f77dd1716b3ea5ec67445
- SHA1
  
  274e9ef34bf7155d764f05f1135fd6dd5a4ce371
- SHA256
  
  88578732fb5742287bee43d6fd2db98053e292811173a3bb5947d3c00b0cdd22
- SHA512
  
  7a8de18a50c3da856e83fb7bb4d3159a4ebe823ceba5be1e40b1e1303e005989847574dc79b6a9c7951e34c2878a1784aa827ff3f9026cd70b10e4f244638a28
- SSDEEP
  
  12288:gpwABK90BOeFx9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/L:awAcuz9lPzvxP+Bsz2XjWTRMQckkIXnz
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan