darkcomet | fec308cdd8d99442ffe61514fa23b7c3d87a2646d3db4ddc9edb934e6c2386ea | Triage

Submit
Reports

Overview

overview

Static

static

3

09d1fe5e8e...18.exe

windows7-x64

09d1fe5e8e...18.exe

windows10-2004-x64

Sharing

General

Target

09d1fe5e8e9c8ee844ffd4af527bceb0_JaffaCakes118
Size

392KB
Sample

240624-vv97matdre
MD5

09d1fe5e8e9c8ee844ffd4af527bceb0
SHA1

e41d7e28b8873112f9399dc3f15d5442f4833b7a
SHA256

fec308cdd8d99442ffe61514fa23b7c3d87a2646d3db4ddc9edb934e6c2386ea
SHA512

5a32934f9b006e608d4a02e4c73b1b306679e31a89d87c56dd33167eeac023b222a0f42d765d7bc5ac4a57a773bf2f64e71744b55af410136971eac0cb38697b
SSDEEP

12288:qzrbgfQXhVQ0reKnkuHp9+D4L+f1BBa2i6qNIiJxw7peAE4adMJiky10uJcy:qcD4Sf1fafxgDoUyTz

Score

10^/10

darkcomet guest16 rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

09d1fe5e8e9c8ee844ffd4af527bceb0_JaffaCakes118.exe

Resource

win7-20240508-en

darkcomet guest16 rat trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

09d1fe5e8e9c8ee844ffd4af527bceb0_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet guest16 rat trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
fVRrFeJaQvRk
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  09d1fe5e8e9c8ee844ffd4af527bceb0_JaffaCakes118
- Size
  
  392KB
- MD5
  
  09d1fe5e8e9c8ee844ffd4af527bceb0
- SHA1
  
  e41d7e28b8873112f9399dc3f15d5442f4833b7a
- SHA256
  
  fec308cdd8d99442ffe61514fa23b7c3d87a2646d3db4ddc9edb934e6c2386ea
- SHA512
  
  5a32934f9b006e608d4a02e4c73b1b306679e31a89d87c56dd33167eeac023b222a0f42d765d7bc5ac4a57a773bf2f64e71744b55af410136971eac0cb38697b
- SSDEEP
  
  12288:qzrbgfQXhVQ0reKnkuHp9+D4L+f1BBa2i6qNIiJxw7peAE4adMJiky10uJcy:qcD4Sf1fafxgDoUyTz
Score

10^/10

darkcomet guest16 rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16rattrojanupx

behavioral2

darkcometguest16rattrojanupx

© 2018-2024

Terms | Privacy