darkcomet

General

Target

JaffaCakes118_805e89933cc4f05cdf673c6b26a2bdba
Size

1.0MB
Sample

250319-3k8j2sxse1
MD5

805e89933cc4f05cdf673c6b26a2bdba
SHA1

fd02fee4205b1ceaa22641c1df06751babdf2873
SHA256

26dfab5fe3d901cf43515a68b9e8087cceb2b4671d39f35f39d77bd1170dd029
SHA512

02af35ef650527607bc1ca07e0ea6a0305df5922349e1aea373e153800123184faab844633dcc7eb6ddac76f37109162cd60cc6da634583a684be1889d7d3cc1
SSDEEP

24576:VVKHkkUv8dEMDwZAuKNtY01Fg3JtV8OBDX2rBqJ5qI:Vd4R8ZAuMFFg3r/H

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:5555

Mutex

DC_MUTEX-K0E881G

Attributes

gencode
5vJ#lZ6�m5eW
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_805e89933cc4f05cdf673c6b26a2bdba
- Size
  
  1.0MB
- MD5
  
  805e89933cc4f05cdf673c6b26a2bdba
- SHA1
  
  fd02fee4205b1ceaa22641c1df06751babdf2873
- SHA256
  
  26dfab5fe3d901cf43515a68b9e8087cceb2b4671d39f35f39d77bd1170dd029
- SHA512
  
  02af35ef650527607bc1ca07e0ea6a0305df5922349e1aea373e153800123184faab844633dcc7eb6ddac76f37109162cd60cc6da634583a684be1889d7d3cc1
- SSDEEP
  
  24576:VVKHkkUv8dEMDwZAuKNtY01Fg3JtV8OBDX2rBqJ5qI:Vd4R8ZAuMFFg3r/H
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Darkcomet family

Drops file in Drivers directory

Checks BIOS information in registry

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2