darkcomet | 49135d58b75a7f25cd28d53cc7e65aa71401e039f1654cd7fab3bb9be7d43f94 | Triage

Sharing

General

Target

49135d58b75a7f25cd28d53cc7e65aa71401e039f1654cd7fab3bb9be7d43f94
Size

544KB
Sample

220714-ba26qshfe7
MD5

8ebb4c054d2872a208baba4f2d6d4c35
SHA1

8c3c349de7b8a251a415634892081e192d3897ab
SHA256

49135d58b75a7f25cd28d53cc7e65aa71401e039f1654cd7fab3bb9be7d43f94
SHA512

3cc09d2e2e71ec1042e2a5e9480566dacf28ad251f6b102f3d4c05825060de83f859ef01d5362906cb12cbde0f261f0bfe0e81e0062a1105289e682d3ff54236

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

aca33.no-ip.biz:1088

Mutex

DC_MUTEX-JCDE4M2

Attributes

gencode
82Yjkqrl1Z2U
install
false
offline_keylogger
true
password
penis3311
persistence
false

Targets

- Target
  
  49135d58b75a7f25cd28d53cc7e65aa71401e039f1654cd7fab3bb9be7d43f94
- Size
  
  544KB
- MD5
  
  8ebb4c054d2872a208baba4f2d6d4c35
- SHA1
  
  8c3c349de7b8a251a415634892081e192d3897ab
- SHA256
  
  49135d58b75a7f25cd28d53cc7e65aa71401e039f1654cd7fab3bb9be7d43f94
- SHA512
  
  3cc09d2e2e71ec1042e2a5e9480566dacf28ad251f6b102f3d4c05825060de83f859ef01d5362906cb12cbde0f261f0bfe0e81e0062a1105289e682d3ff54236
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan