darkcomet

General

Target

JaffaCakes118_bd13e46b816b8e46527a64a35b32882f
Size

2.4MB
Sample

250418-h193lawyc1
MD5

bd13e46b816b8e46527a64a35b32882f
SHA1

3e85ff50d2059b2ff2292fe2a0d1eceab0e71fcd
SHA256

ddf83a8699f5db890b48d3b29b43fc6d39f32307cd091cad965e24011d49f01a
SHA512

2ce91782f7137655567a4c9262795d6b659ae505cb5d054d9d32df0920c0607376ba15871205a4b364d64f5443226277d654ffb93ba5353005b59e0246f2b2d0
SSDEEP

24576:JM3rm7OeLqMWwmQZ9sgAZioPaWW7Ak1Op+gqYV10:JMPeLqVCU7pqb

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

109.201.165.20:1604

Mutex

DC_MUTEX-QX9XR2U

Attributes

gencode
q-B9XY.uACb2
install
false
offline_keylogger
false
persistence
false

rc4.plain

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_bd13e46b816b8e46527a64a35b32882f
- Size
  
  2.4MB
- MD5
  
  bd13e46b816b8e46527a64a35b32882f
- SHA1
  
  3e85ff50d2059b2ff2292fe2a0d1eceab0e71fcd
- SHA256
  
  ddf83a8699f5db890b48d3b29b43fc6d39f32307cd091cad965e24011d49f01a
- SHA512
  
  2ce91782f7137655567a4c9262795d6b659ae505cb5d054d9d32df0920c0607376ba15871205a4b364d64f5443226277d654ffb93ba5353005b59e0246f2b2d0
- SSDEEP
  
  24576:JM3rm7OeLqMWwmQZ9sgAZioPaWW7Ak1Op+gqYV10:JMPeLqVCU7pqb
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

4

T1012

System Information Discovery

5

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Darkcomet family

Checks BIOS information in registry

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Enterprise v16

Tasks

static1

behavioral1

behavioral2