darkcomet | 28254c048dfaf66d91494ba8e64ae6261e9e370e35a9b2247fb909752f1f139d | Triage

Sharing

General

Target

28254c048dfaf66d91494ba8e64ae6261e9e370e35a9b2247fb909752f1f139d
Size

544KB
Sample

211005-wx8l9aaedr
MD5

91f1d5a814360fab1ebd14511c1cca2d
SHA1

50c022e41a38d44cdd2cfed66477b6206d291b7f
SHA256

28254c048dfaf66d91494ba8e64ae6261e9e370e35a9b2247fb909752f1f139d
SHA512

6ce276036fefc34129869d57c3832e405bac772bf2d5895074d69098c97d0dd020ef1b30f440c92c7760fc479f1a0cd8a80d61e45c8470b9ed4460c882ce74d3

Score

10^/10

darkcomet guest16 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

sommerishere.sytes.net:1678

ommerishere.sytes.net:1678

ommerishere.sytes.net:1679

Mutex

DC_MUTEX-3YA4GBR

Attributes

gencode
C8EBUD2QBFHF
install
false
offline_keylogger
true
password
likethat@123
persistence
false

Targets

- Target
  
  28254c048dfaf66d91494ba8e64ae6261e9e370e35a9b2247fb909752f1f139d
- Size
  
  544KB
- MD5
  
  91f1d5a814360fab1ebd14511c1cca2d
- SHA1
  
  50c022e41a38d44cdd2cfed66477b6206d291b7f
- SHA256
  
  28254c048dfaf66d91494ba8e64ae6261e9e370e35a9b2247fb909752f1f139d
- SHA512
  
  6ce276036fefc34129869d57c3832e405bac772bf2d5895074d69098c97d0dd020ef1b30f440c92c7760fc479f1a0cd8a80d61e45c8470b9ed4460c882ce74d3
Score

10^/10

darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16persistencerattrojan