darkcomet

General

Target

JaffaCakes118_873bb8ea19e0303bd459077aa20c0a56
Size

1.2MB
Sample

250323-rfjjksszc1
MD5

873bb8ea19e0303bd459077aa20c0a56
SHA1

c2cfef2c0eabde03765d267e2c437306cb8dcac4
SHA256

4db98d034d9b995763cb7f86d029c26fab5759b48f358506138df3197843cc42
SHA512

f597c6c2c4c732039ee59cac13d1c5a6f4d6a895dcdad02abe3a9ab3a8174ac3f2b46968c8388432b4fd28d0bc2439ea5d953dc4842023289b192e14330f5443
SSDEEP

24576:GFE//Tct4bOsjItd3vCrUg61MJFWQ7KLK4+49ZN7Ja1k:sSVjIr3vTg61oFWLLK4+4VJH

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

46.228.199.142:1604

Mutex

DCMIN_MUTEX-0TL86R9

Attributes

gencode
gxciUkYfaKlH
install
false
offline_keylogger
true
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_873bb8ea19e0303bd459077aa20c0a56
- Size
  
  1.2MB
- MD5
  
  873bb8ea19e0303bd459077aa20c0a56
- SHA1
  
  c2cfef2c0eabde03765d267e2c437306cb8dcac4
- SHA256
  
  4db98d034d9b995763cb7f86d029c26fab5759b48f358506138df3197843cc42
- SHA512
  
  f597c6c2c4c732039ee59cac13d1c5a6f4d6a895dcdad02abe3a9ab3a8174ac3f2b46968c8388432b4fd28d0bc2439ea5d953dc4842023289b192e14330f5443
- SSDEEP
  
  24576:GFE//Tct4bOsjItd3vCrUg61MJFWQ7KLK4+49ZN7Ja1k:sSVjIr3vTg61oFWLLK4+4VJH
Score

10^/10

darkcomet guest16_min discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Darkcomet family

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2