darkcomet | 8c8404d86e596eaf146b2fb64ef8de7d68a171f11299a6e8d8278bfc154fc1e8 | Triage

Sharing

General

Target

8c8404d86e596eaf146b2fb64ef8de7d68a171f11299a6e8d8278bfc154fc1e8
Size

917KB
Sample

221003-b56seacfam
MD5

09c7e270edd2b1d6c7745cbf69b56a46
SHA1

dbdec59aec3e7f9ec431433fb23816b6651ee050
SHA256

8c8404d86e596eaf146b2fb64ef8de7d68a171f11299a6e8d8278bfc154fc1e8
SHA512

883826e7880a09f4744eb909197e4ea5afd75a79889349b7df3eeebc29bc8f6d4908f562c99947e788daa4d470bc1bb1f7e60a0afb5389b31359e47feaa10f66
SSDEEP

12288:g+C96lnbXlq1YHms0iNf7P9JMmJzwYId1TsJQH5A3qOkXryZpOsLjpHcvvYuTg5Y:sElnbXU1YGxI9JPtYIuZjbq9+vx5

Score

10^/10

darkcomet modiloader guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

maniaco3.no-ip.org:1604

Mutex

DC_MUTEX-ZAD1XZ4

Attributes

gencode
2YQnQNYkNUXu
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  8c8404d86e596eaf146b2fb64ef8de7d68a171f11299a6e8d8278bfc154fc1e8
- Size
  
  917KB
- MD5
  
  09c7e270edd2b1d6c7745cbf69b56a46
- SHA1
  
  dbdec59aec3e7f9ec431433fb23816b6651ee050
- SHA256
  
  8c8404d86e596eaf146b2fb64ef8de7d68a171f11299a6e8d8278bfc154fc1e8
- SHA512
  
  883826e7880a09f4744eb909197e4ea5afd75a79889349b7df3eeebc29bc8f6d4908f562c99947e788daa4d470bc1bb1f7e60a0afb5389b31359e47feaa10f66
- SSDEEP
  
  12288:g+C96lnbXlq1YHms0iNf7P9JMmJzwYId1TsJQH5A3qOkXryZpOsLjpHcvvYuTg5Y:sElnbXU1YGxI9JPtYIuZjbq9+vx5
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan