darkcomet | 0ee26e7a681c5fe941a5e1c828bc52a408df1e52993c65de2b2e083b2f775b13 | Triage

Sharing

General

Target

0ee26e7a681c5fe941a5e1c828bc52a408df1e52993c65de2b2e083b2f775b13
Size

688KB
Sample

221003-tmkfkaebgm
MD5

6cdbb491eab99fa8226867ca78d56870
SHA1

ae257961401479c9498eaa93c47a4949270c7fb4
SHA256

0ee26e7a681c5fe941a5e1c828bc52a408df1e52993c65de2b2e083b2f775b13
SHA512

ceb06c41ae7e6ed3d2e13904ea0933e9798ef96b5104c7dddb543a76dad2ec556d3c6fa9ee8bf9c404830b752e41fea62da9e3ce44e1ddbead914e8a007fc49e
SSDEEP

12288:mEcbrIMc2YN4sTxKy1xgeNEbqPmdabYSgTxPf/Kmh7Yi+2x:mE00D2YN4gxKy1WeNEIwS0PnMi+o

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-CBXA5V1

Attributes

gencode
sB3dsQKK9evD
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  0ee26e7a681c5fe941a5e1c828bc52a408df1e52993c65de2b2e083b2f775b13
- Size
  
  688KB
- MD5
  
  6cdbb491eab99fa8226867ca78d56870
- SHA1
  
  ae257961401479c9498eaa93c47a4949270c7fb4
- SHA256
  
  0ee26e7a681c5fe941a5e1c828bc52a408df1e52993c65de2b2e083b2f775b13
- SHA512
  
  ceb06c41ae7e6ed3d2e13904ea0933e9798ef96b5104c7dddb543a76dad2ec556d3c6fa9ee8bf9c404830b752e41fea62da9e3ce44e1ddbead914e8a007fc49e
- SSDEEP
  
  12288:mEcbrIMc2YN4sTxKy1xgeNEbqPmdabYSgTxPf/Kmh7Yi+2x:mE00D2YN4gxKy1WeNEIwS0PnMi+o
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan