darkcomet | 79ad6abe442b9e7120ca8b44d9c5f4a187d67d27d25d7ce2be64f011431633a0 | Triage

Sharing

General

Target

79ad6abe442b9e7120ca8b44d9c5f4a187d67d27d25d7ce2be64f011431633a0
Size

544KB
Sample

211005-rt11saacel
MD5

70370dcb2ad41fb78d0439236518c6c2
SHA1

35d86808ab71511ca0aaf5268dad6644718d3eb3
SHA256

79ad6abe442b9e7120ca8b44d9c5f4a187d67d27d25d7ce2be64f011431633a0
SHA512

7d697c6a89c0b9b7eb57ba4df5feba4aeac410187187ab67779f8f300eb7f908925df62ef9b11923337f55b4a805ef68c719432caa3c880d1d26c63cd35fb0ee

Score

10^/10

darkcomet guest16 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

sommerishere.sytes.net:1678

ommerishere.sytes.net:1678

ommerishere.sytes.net:1679

Mutex

DC_MUTEX-3YA4GBR

Attributes

gencode
C8EBUD2QBFHF
install
false
offline_keylogger
true
password
likethat@123
persistence
false

Targets

- Target
  
  79ad6abe442b9e7120ca8b44d9c5f4a187d67d27d25d7ce2be64f011431633a0
- Size
  
  544KB
- MD5
  
  70370dcb2ad41fb78d0439236518c6c2
- SHA1
  
  35d86808ab71511ca0aaf5268dad6644718d3eb3
- SHA256
  
  79ad6abe442b9e7120ca8b44d9c5f4a187d67d27d25d7ce2be64f011431633a0
- SHA512
  
  7d697c6a89c0b9b7eb57ba4df5feba4aeac410187187ab67779f8f300eb7f908925df62ef9b11923337f55b4a805ef68c719432caa3c880d1d26c63cd35fb0ee
Score

10^/10

darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16persistencerattrojan