darkcomet | 6bd08d58966c74dc2a5bf37e649b154a160656f1a785ae20d306650e30b5abb5 | Triage

Sharing

General

Target

6bd08d58966c74dc2a5bf37e649b154a160656f1a785ae20d306650e30b5abb5
Size

748KB
Sample

220919-q8va4sbgd2
MD5

0ad470e99085fbeb5082688adf55e8b5
SHA1

f6841dc30255770e26d9338d6ed18ee8768cf870
SHA256

6bd08d58966c74dc2a5bf37e649b154a160656f1a785ae20d306650e30b5abb5
SHA512

40fbe8a54521c99a65e9fbc0eeca4b51e91781fe73855c2af077b75d891bc53872a1e9c5a45ff0a942f4f098060756b37bcb62779c3675844fb63d94ab4ba32a
SSDEEP

12288:vbyCXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy4n:NnAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jv

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

megabit10.no-ip.biz:1604

Mutex

DC_MUTEX-7ENZQGM

Attributes

gencode
SJARHgaMCGfW
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  6bd08d58966c74dc2a5bf37e649b154a160656f1a785ae20d306650e30b5abb5
- Size
  
  748KB
- MD5
  
  0ad470e99085fbeb5082688adf55e8b5
- SHA1
  
  f6841dc30255770e26d9338d6ed18ee8768cf870
- SHA256
  
  6bd08d58966c74dc2a5bf37e649b154a160656f1a785ae20d306650e30b5abb5
- SHA512
  
  40fbe8a54521c99a65e9fbc0eeca4b51e91781fe73855c2af077b75d891bc53872a1e9c5a45ff0a942f4f098060756b37bcb62779c3675844fb63d94ab4ba32a
- SSDEEP
  
  12288:vbyCXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy4n:NnAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jv
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan