darkcomet | 921a5999641713980a5b1d8b0ff845686c05cf656275388a4c7b92bc17a3169b | Triage

Submit
Reports

Overview

overview

Static

static

3

0fc01dda9c...18.exe

windows7-x64

0fc01dda9c...18.exe

windows10-2004-x64

Sharing

General

Target

0fc01dda9ca1fca3e8a8316617e825c9_JaffaCakes118
Size

961KB
Sample

240625-2b1meaxdlg
MD5

0fc01dda9ca1fca3e8a8316617e825c9
SHA1

c59e099a59976111753a90e79fa42d9677692f83
SHA256

921a5999641713980a5b1d8b0ff845686c05cf656275388a4c7b92bc17a3169b
SHA512

4d28e2ee8ea384e536ad4f6652a5f6f1db5769cf8e93d82ef88ed681afd994ea272a5bc053dbf963a36ffeff6d9a2a7d9a15b2758c0cd892e6d2eb29b5a68764
SSDEEP

24576:v4HjMghBf97bDHzfdEpGNqCL9OcsSyvDfx:v4YkFbTzVEpGN34csnDZ

Score

10^/10

darkcomet guest16 rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0fc01dda9ca1fca3e8a8316617e825c9_JaffaCakes118.exe

Resource

win7-20240221-en

darkcomet guest16 rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

0fc01dda9ca1fca3e8a8316617e825c9_JaffaCakes118.exe

Resource

win10v2004-20240611-en

darkcomet guest16 rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

pseudonymous44.no-ip.org:1604

Mutex

DC_MUTEX-ECC8KAC

Attributes

gencode
0bjfcDMc6a11
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  0fc01dda9ca1fca3e8a8316617e825c9_JaffaCakes118
- Size
  
  961KB
- MD5
  
  0fc01dda9ca1fca3e8a8316617e825c9
- SHA1
  
  c59e099a59976111753a90e79fa42d9677692f83
- SHA256
  
  921a5999641713980a5b1d8b0ff845686c05cf656275388a4c7b92bc17a3169b
- SHA512
  
  4d28e2ee8ea384e536ad4f6652a5f6f1db5769cf8e93d82ef88ed681afd994ea272a5bc053dbf963a36ffeff6d9a2a7d9a15b2758c0cd892e6d2eb29b5a68764
- SSDEEP
  
  24576:v4HjMghBf97bDHzfdEpGNqCL9OcsSyvDfx:v4YkFbTzVEpGN34csnDZ
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan

© 2018-2024

Terms | Privacy