darkcomet | 63dbc8dfdbca1ea99a1e446b403af0cbfc637f03f201fe5b8acd45d45630d412 | Triage

Sharing

General

Target

63dbc8dfdbca1ea99a1e446b403af0cbfc637f03f201fe5b8acd45d45630d412
Size

389KB
Sample

221120-khpp2shg4v
MD5

250a1a4c32feba7e2148f4e6048b8350
SHA1

70e2397aac72b94ced3f1f80107e2406adeebafa
SHA256

63dbc8dfdbca1ea99a1e446b403af0cbfc637f03f201fe5b8acd45d45630d412
SHA512

39a39305dc914bd1c61c9ef6f2a8f6e52a264d7adfcc02dd42b0cf1c714609e7febf9ed7461dc2c7be37f0e56954d043f9698146486a094440ffd20696769ee5
SSDEEP

12288:oMtmhGDx90PfxPeYBKAjYh7RnFysc93nAK:lx92evnyXOK

Score

10^/10

darkcomet zombie rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Zombie

C2

y29kzv93yxjfnta5.no-ip.org:500

Mutex

DC_MUTEX-KB194P8

Attributes

gencode
ywG7u7LU1KaH
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  63dbc8dfdbca1ea99a1e446b403af0cbfc637f03f201fe5b8acd45d45630d412
- Size
  
  389KB
- MD5
  
  250a1a4c32feba7e2148f4e6048b8350
- SHA1
  
  70e2397aac72b94ced3f1f80107e2406adeebafa
- SHA256
  
  63dbc8dfdbca1ea99a1e446b403af0cbfc637f03f201fe5b8acd45d45630d412
- SHA512
  
  39a39305dc914bd1c61c9ef6f2a8f6e52a264d7adfcc02dd42b0cf1c714609e7febf9ed7461dc2c7be37f0e56954d043f9698146486a094440ffd20696769ee5
- SSDEEP
  
  12288:oMtmhGDx90PfxPeYBKAjYh7RnFysc93nAK:lx92evnyXOK
Score

10^/10

darkcomet zombie rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometzombierattrojan

behavioral2

darkcometzombierattrojan