darkcomet | 95ede0ea7f9a9559790e4c9921cf291470277241173f0f760c8cfdf8b7ccac2a | Triage

Sharing

General

Target

JaffaCakes118_7dd6e69cbf43e8874613185d5de27700
Size

647KB
Sample

250317-mkezqs1ky9
MD5

7dd6e69cbf43e8874613185d5de27700
SHA1

a8f0d559ff0ae1290b62a7c2f3913be18e5eb1c6
SHA256

95ede0ea7f9a9559790e4c9921cf291470277241173f0f760c8cfdf8b7ccac2a
SHA512

47c1b10dba1cf3b0941f5754123d091387c9193af4e1881fd2655af0150623c80880ef09cfedf5199b6b65203d705f9a38e1f6c55fa5e38a3b3a020dc8432bd6
SSDEEP

12288:46A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfha9:9AmBpVKHu0Mu9Xo20VGLVP5a9

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

demonedscape.no-ip.biz:100

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
l6�fXSh9v29P
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_7dd6e69cbf43e8874613185d5de27700
- Size
  
  647KB
- MD5
  
  7dd6e69cbf43e8874613185d5de27700
- SHA1
  
  a8f0d559ff0ae1290b62a7c2f3913be18e5eb1c6
- SHA256
  
  95ede0ea7f9a9559790e4c9921cf291470277241173f0f760c8cfdf8b7ccac2a
- SHA512
  
  47c1b10dba1cf3b0941f5754123d091387c9193af4e1881fd2655af0150623c80880ef09cfedf5199b6b65203d705f9a38e1f6c55fa5e38a3b3a020dc8432bd6
- SSDEEP
  
  12288:46A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfha9:9AmBpVKHu0Mu9Xo20VGLVP5a9
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan