darkcomet | c40927f26f16d7573800843bd1970c9d8f257e57dcd4e34eccda4dadd539fee0 | Triage

Submit
Reports

Overview

overview

Static

static

3

1afee45b1a...18.exe

windows7-x64

1afee45b1a...18.exe

windows10-2004-x64

Sharing

General

Target

1afee45b1af1049ebd98e883ebb891f7_JaffaCakes118
Size

726KB
Sample

240701-mtrd5azgkr
MD5

1afee45b1af1049ebd98e883ebb891f7
SHA1

b20d0417b3d9e37d37119e2fe6a25f9d5321622b
SHA256

c40927f26f16d7573800843bd1970c9d8f257e57dcd4e34eccda4dadd539fee0
SHA512

6a06b29cb5a5f15dd3283167e5b7274e461aede85bb3b6066470a9fd61d6a0e41200ac1c1ae402f0ee954ee62841e452b32e7b8c1f73eab5b38b9eddc987c329
SSDEEP

12288:/8QzMxO8IAtfzUeSCpe6KBYLDMPe170B8aOkkluU8v6DYURhMmY3eVv1YQgEX0PH:/8vxciQALDMPL8WhU8vcJceVv1a1MQ1r

Score

10^/10

darkcomet chimie rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1afee45b1af1049ebd98e883ebb891f7_JaffaCakes118.exe

Resource

win7-20240220-en

darkcomet chimie rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1afee45b1af1049ebd98e883ebb891f7_JaffaCakes118.exe

Resource

win10v2004-20240226-en

darkcomet chimie rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

CHIMIE

C2

makesure.zapto.org:1000

makesure.zapto.org:1604

Mutex

DC_MUTEX-756RWYZ

Attributes

gencode
9V01bHaCRv71
install
false
offline_keylogger
true
password
123456
persistence
false

Targets

- Target
  
  1afee45b1af1049ebd98e883ebb891f7_JaffaCakes118
- Size
  
  726KB
- MD5
  
  1afee45b1af1049ebd98e883ebb891f7
- SHA1
  
  b20d0417b3d9e37d37119e2fe6a25f9d5321622b
- SHA256
  
  c40927f26f16d7573800843bd1970c9d8f257e57dcd4e34eccda4dadd539fee0
- SHA512
  
  6a06b29cb5a5f15dd3283167e5b7274e461aede85bb3b6066470a9fd61d6a0e41200ac1c1ae402f0ee954ee62841e452b32e7b8c1f73eab5b38b9eddc987c329
- SSDEEP
  
  12288:/8QzMxO8IAtfzUeSCpe6KBYLDMPe170B8aOkkluU8v6DYURhMmY3eVv1YQgEX0PH:/8vxciQALDMPL8WhU8vcJceVv1a1MQ1r
Score

10^/10

darkcomet chimie rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometchimierattrojan

behavioral2

darkcometchimierattrojan

© 2018-2024

Terms | Privacy