darkcomet | c71228dd40c9cca4cf7dbd4d36bd92b3857ce006fbdadba7607457d8d04678e5 | Triage

Submit
Reports

Overview

overview

Static

static

1593241035...18.exe

windows7-x64

1593241035...18.exe

windows10-2004-x64

Sharing

General

Target

1593241035013c441a7a4b0facf68d11_JaffaCakes118
Size

1.4MB
Sample

240627-lzj2kavfqd
MD5

1593241035013c441a7a4b0facf68d11
SHA1

ebb2690cc893204a574ca94945d76359f88edd8b
SHA256

c71228dd40c9cca4cf7dbd4d36bd92b3857ce006fbdadba7607457d8d04678e5
SHA512

318945ed544a202c4ec8d09bce921ef3c9c9336dee16f633106cbebca7fa53b09dc390fafe024d214f4392eb46a6c08b6d5467876ad31693b110eda20fa2c5fd
SSDEEP

24576:knAw2WWeFcfbP9VPSPMTSPL/rWvzq4JJfpkgX51oiyzZozG7XVNyVbZ:OELbVMTrOq4GgX51py17XnyxZ

Score

10^/10

darkcomet guest16 rat trojan

Static task

static1

guest16 darkcomet

2 signatures

Behavioral task

behavioral1

Sample

1593241035013c441a7a4b0facf68d11_JaffaCakes118.exe

Resource

win7-20240419-en

darkcomet guest16 rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1593241035013c441a7a4b0facf68d11_JaffaCakes118.exe

Resource

win10v2004-20240611-en

darkcomet guest16 rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

dr-hacker.no-ip.org:81

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
4mFiu4NvJRJC
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  1593241035013c441a7a4b0facf68d11_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  1593241035013c441a7a4b0facf68d11
- SHA1
  
  ebb2690cc893204a574ca94945d76359f88edd8b
- SHA256
  
  c71228dd40c9cca4cf7dbd4d36bd92b3857ce006fbdadba7607457d8d04678e5
- SHA512
  
  318945ed544a202c4ec8d09bce921ef3c9c9336dee16f633106cbebca7fa53b09dc390fafe024d214f4392eb46a6c08b6d5467876ad31693b110eda20fa2c5fd
- SSDEEP
  
  24576:knAw2WWeFcfbP9VPSPMTSPL/rWvzq4JJfpkgX51oiyzZozG7XVNyVbZ:OELbVMTrOq4GgX51py17XnyxZ
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan

© 2018-2024

Terms | Privacy