darkcomet | ff93148d8c664fa2779cb233c16f3988f62521209f1889f0fb869b5c48096b70 | Triage

Submit
Reports

Overview

overview

Static

static

1c20bb6cec...18.exe

windows7-x64

1c20bb6cec...18.exe

windows10-2004-x64

Sharing

General

Target

1c20bb6cec6ede067e2aacc792757c31_JaffaCakes118
Size

674KB
Sample

240701-xkhezaxfkp
MD5

1c20bb6cec6ede067e2aacc792757c31
SHA1

a94bfab56e8239be381bd8f1577caa62927b5fa9
SHA256

ff93148d8c664fa2779cb233c16f3988f62521209f1889f0fb869b5c48096b70
SHA512

d5826d9a787e8e8f1eec8f9f0cfaff145120a8b421f304be8885ce3d6714e97cc8531b5509d6eb0015e10c8ebf9b1f64582a7f74bc513176bd6c82d5034efa2b
SSDEEP

12288:Ek0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+8:10QRWoJEfg0oChGdJQbjPbNW5tYeP+GR

Score

10^/10

darkcomet guest16 rat trojan

Static task

static1

guest16 darkcomet

2 signatures

Behavioral task

behavioral1

Sample

1c20bb6cec6ede067e2aacc792757c31_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet guest16 rat trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c20bb6cec6ede067e2aacc792757c31_JaffaCakes118.exe

Resource

win10v2004-20240611-en

darkcomet guest16 rat trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

mo-68.no-ip.info:1604

Mutex

DC_MUTEX-2SM0DL6

Attributes

gencode
SxoqZ9pbswT0
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  1c20bb6cec6ede067e2aacc792757c31_JaffaCakes118
- Size
  
  674KB
- MD5
  
  1c20bb6cec6ede067e2aacc792757c31
- SHA1
  
  a94bfab56e8239be381bd8f1577caa62927b5fa9
- SHA256
  
  ff93148d8c664fa2779cb233c16f3988f62521209f1889f0fb869b5c48096b70
- SHA512
  
  d5826d9a787e8e8f1eec8f9f0cfaff145120a8b421f304be8885ce3d6714e97cc8531b5509d6eb0015e10c8ebf9b1f64582a7f74bc513176bd6c82d5034efa2b
- SSDEEP
  
  12288:Ek0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+8:10QRWoJEfg0oChGdJQbjPbNW5tYeP+GR
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan

© 2018-2024

Terms | Privacy