darkcomet | 10cc4764727766b61cf97b1cd4412cd2112aab19ae4a4638f6020ccc25ff5f93 | Triage

Sharing

General

Target

10cc4764727766b61cf97b1cd4412cd2112aab19ae4a4638f6020ccc25ff5f93
Size

746KB
Sample

221029-3r4vfacbc2
MD5

494cbe77b07e140362d5d50538af6710
SHA1

520dfd2120c5b1c974998cf3f4d0c31fa3b75762
SHA256

10cc4764727766b61cf97b1cd4412cd2112aab19ae4a4638f6020ccc25ff5f93
SHA512

509dd772ce37eba5e910568051299a43646e5bd86f546efc5d3728337918f233f6bda3744ab22b882684f3203258ac5390fe1b032681ac98475f5fc782205b20
SSDEEP

12288:pKgGtQ5idun7RE529VLgoSf9dyFVuIQ/jLNp1c9KZ8:pXGt8idO1EG/zuRzZ8

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-TZL3BF9

Attributes

gencode
F5sgxrM1xDFj
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  10cc4764727766b61cf97b1cd4412cd2112aab19ae4a4638f6020ccc25ff5f93
- Size
  
  746KB
- MD5
  
  494cbe77b07e140362d5d50538af6710
- SHA1
  
  520dfd2120c5b1c974998cf3f4d0c31fa3b75762
- SHA256
  
  10cc4764727766b61cf97b1cd4412cd2112aab19ae4a4638f6020ccc25ff5f93
- SHA512
  
  509dd772ce37eba5e910568051299a43646e5bd86f546efc5d3728337918f233f6bda3744ab22b882684f3203258ac5390fe1b032681ac98475f5fc782205b20
- SSDEEP
  
  12288:pKgGtQ5idun7RE529VLgoSf9dyFVuIQ/jLNp1c9KZ8:pXGt8idO1EG/zuRzZ8
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan