darkcomet | 6d9c353dc658f47d47d01c5e58d60b562cea4f2d22c233ea46913d0b5596113a | Triage

Sharing

General

Target

bbdec755964b8bf23a09498831dcca47.exe
Size

656KB
Sample

211006-lfb7lsahf5
MD5

bbdec755964b8bf23a09498831dcca47
SHA1

ba7b48208197ff675d03268e14f05ed7808c67bc
SHA256

6d9c353dc658f47d47d01c5e58d60b562cea4f2d22c233ea46913d0b5596113a
SHA512

600c4164a2147733e76faf0c69a2e921b006352f92eed60e4fad2cfd858964569524850c673af7494adafbcd3b2f78c0a0d7c0d2c6134c1580e5197665ad9441

Score

10^/10

darkcomet guest16 persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

sommerishere.sytes.net:1678

ommerishere.sytes.net:1678

ommerishere.sytes.net:1679

Mutex

DC_MUTEX-3YA4GBR

Attributes

gencode
C8EBUD2QBFHF
install
false
offline_keylogger
true
password
likethat@123
persistence
false

Targets

- Target
  
  bbdec755964b8bf23a09498831dcca47.exe
- Size
  
  656KB
- MD5
  
  bbdec755964b8bf23a09498831dcca47
- SHA1
  
  ba7b48208197ff675d03268e14f05ed7808c67bc
- SHA256
  
  6d9c353dc658f47d47d01c5e58d60b562cea4f2d22c233ea46913d0b5596113a
- SHA512
  
  600c4164a2147733e76faf0c69a2e921b006352f92eed60e4fad2cfd858964569524850c673af7494adafbcd3b2f78c0a0d7c0d2c6134c1580e5197665ad9441
Score

10^/10

darkcomet guest16 persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16persistencerattrojan

behavioral2

darkcometguest16persistencerattrojan