darkcomet

General

Target

JaffaCakes118_8af79df4773c050faeb6c305dd4f84b3
Size

620KB
Sample

250328-y6t7bs1tbs
MD5

8af79df4773c050faeb6c305dd4f84b3
SHA1

e1286dde959d78e0373ba3b62573f71ae633c213
SHA256

bb83eea71147552205cb7327ae323fc6cb5d5a95ed36abe42f4c53c47927baa1
SHA512

e722a33bf2a8001d3f1f0a65f5d73218572a739b0a2816208bedbe80421b0972ccc659c5e33b00f77422e697093f0e92111bdc8287a380663b275468a7a427eb
SSDEEP

12288:bgbz1o1/SIE3rRcrQKqup9y/YlzuoKaucp+/Wt/8vC:k21PQKNM/Y9uoKauaAC

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

drk1.no-ip.biz:1604

Mutex

DCMIN_MUTEX-3E72LZ0

Attributes

gencode
phHGgrq1nyQY
install
false
offline_keylogger
true
persistence
false

rc4.plain

1
#KCMDDC51#-890

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

1
#KCMDDC51#-890

Targets

- Target
  
  JaffaCakes118_8af79df4773c050faeb6c305dd4f84b3
- Size
  
  620KB
- MD5
  
  8af79df4773c050faeb6c305dd4f84b3
- SHA1
  
  e1286dde959d78e0373ba3b62573f71ae633c213
- SHA256
  
  bb83eea71147552205cb7327ae323fc6cb5d5a95ed36abe42f4c53c47927baa1
- SHA512
  
  e722a33bf2a8001d3f1f0a65f5d73218572a739b0a2816208bedbe80421b0972ccc659c5e33b00f77422e697093f0e92111bdc8287a380663b275468a7a427eb
- SSDEEP
  
  12288:bgbz1o1/SIE3rRcrQKqup9y/YlzuoKaucp+/Wt/8vC:k21PQKNM/Y9uoKauaAC
Score

10^/10

darkcomet guest16_min discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Drops startup file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Darkcomet family

Drops startup file

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.