darkcomet | 51ec26d5e74978479605310e9d0d9ae95d8c757815a59414675c1abcfc402731 | Triage

Sharing

General

Target

51ec26d5e74978479605310e9d0d9ae95d8c757815a59414675c1abcfc402731
Size

723KB
Sample

220919-cakgcsfdck
MD5

405a7c8ce43495472b9cf657e5e9146d
SHA1

b5a8f51aa534d3810fe703484cc42abd207bebac
SHA256

51ec26d5e74978479605310e9d0d9ae95d8c757815a59414675c1abcfc402731
SHA512

b814debe07c1d6be624d3a46ee29b5cbcc169e18fc360a8b166167eac01c8c0ef83bc004bae04672f03b6a7701dee1f0aa7812ca2bb74117f6b7ce3f88cb6467
SSDEEP

12288:dQagJn/vJWZ0tDFgpM+UPneKm8/C6uwYtU7z3v+Om9MOsLY4Eda7:dSFvJWZuDSm+C2y/PYtF/MOAJZ

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-U4NPZL2

Attributes

gencode
PrbNySYPHXfQ
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  51ec26d5e74978479605310e9d0d9ae95d8c757815a59414675c1abcfc402731
- Size
  
  723KB
- MD5
  
  405a7c8ce43495472b9cf657e5e9146d
- SHA1
  
  b5a8f51aa534d3810fe703484cc42abd207bebac
- SHA256
  
  51ec26d5e74978479605310e9d0d9ae95d8c757815a59414675c1abcfc402731
- SHA512
  
  b814debe07c1d6be624d3a46ee29b5cbcc169e18fc360a8b166167eac01c8c0ef83bc004bae04672f03b6a7701dee1f0aa7812ca2bb74117f6b7ce3f88cb6467
- SSDEEP
  
  12288:dQagJn/vJWZ0tDFgpM+UPneKm8/C6uwYtU7z3v+Om9MOsLY4Eda7:dSFvJWZuDSm+C2y/PYtF/MOAJZ
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan