darkcomet | 4ce3efcb3fa2ec237be3d23029c39f78ba524f1e6c9c3f3e4bdc2bc5260462e7 | Triage

Sharing

General

Target

JaffaCakes118_8118a509061ee73c0066f08e7c034cb7
Size

858KB
Sample

250320-dvwksswlx2
MD5

8118a509061ee73c0066f08e7c034cb7
SHA1

f1836056eaf9ae92852c00973042ea0dcd0826db
SHA256

4ce3efcb3fa2ec237be3d23029c39f78ba524f1e6c9c3f3e4bdc2bc5260462e7
SHA512

54e28ad410665922ea8a727764c26a06768ac0000354ca774f4f1013deead93a566b1db43fcf3a0f18c39bb4ab1fcf60725561a2e6db195b199106b3776e658f
SSDEEP

24576:2SfOWwhXVFw+46/bqeN85r8zje21pCDzoTiI4d8Dz:2DW6XTw+4Gbqe4AC2vCgTiIe8H

Score

10^/10

darkcomet azza discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

AZZA

C2

comets11.no-ip.biz:200

Mutex

DC_MUTEX-0YUAN6X

Attributes

gencode
tFBRkyhYq9LF
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_8118a509061ee73c0066f08e7c034cb7
- Size
  
  858KB
- MD5
  
  8118a509061ee73c0066f08e7c034cb7
- SHA1
  
  f1836056eaf9ae92852c00973042ea0dcd0826db
- SHA256
  
  4ce3efcb3fa2ec237be3d23029c39f78ba524f1e6c9c3f3e4bdc2bc5260462e7
- SHA512
  
  54e28ad410665922ea8a727764c26a06768ac0000354ca774f4f1013deead93a566b1db43fcf3a0f18c39bb4ab1fcf60725561a2e6db195b199106b3776e658f
- SSDEEP
  
  24576:2SfOWwhXVFw+46/bqeN85r8zje21pCDzoTiI4d8Dz:2DW6XTw+4Gbqe4AC2vCgTiIe8H
Score

10^/10

darkcomet azza discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometazzadiscoveryrattrojan

behavioral2

darkcometazzadiscoveryrattrojan