darkcomet | ae955de0adbd770e1bb514715f4573388bbc7e90c99aeaca2b65c4161b3435cc | Triage

Sharing

General

Target

ae955de0adbd770e1bb514715f4573388bbc7e90c99aeaca2b65c4161b3435cc
Size

1.2MB
Sample

221122-b882yaeg57
MD5

caa5e0f9ad65c916c8a3de2477b2fa76
SHA1

c97188979e44ab1d7c367d37e63867db7c278867
SHA256

ae955de0adbd770e1bb514715f4573388bbc7e90c99aeaca2b65c4161b3435cc
SHA512

d36ef9dd8bd5589136c95b7abb6606678e51710568cebed2c9d2103a2c620dfb787db48bb16773ed6dad8492263402a6aab6c1782bf57911ed606ab4a703d1e3
SSDEEP

24576:ds62Ca9jg62yGZ1xuVVjfFoynPaVBUR8f+kN10EBb62Y:ds6Zwjg6ZWQDgok30E6H

Score

10^/10

darkcomet slaves rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Slaves

C2

lad.servemp3.com:82

Mutex

DC_MUTEX-4U57YHP

Attributes

gencode
9hFQqDh14ZfY
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  ae955de0adbd770e1bb514715f4573388bbc7e90c99aeaca2b65c4161b3435cc
- Size
  
  1.2MB
- MD5
  
  caa5e0f9ad65c916c8a3de2477b2fa76
- SHA1
  
  c97188979e44ab1d7c367d37e63867db7c278867
- SHA256
  
  ae955de0adbd770e1bb514715f4573388bbc7e90c99aeaca2b65c4161b3435cc
- SHA512
  
  d36ef9dd8bd5589136c95b7abb6606678e51710568cebed2c9d2103a2c620dfb787db48bb16773ed6dad8492263402a6aab6c1782bf57911ed606ab4a703d1e3
- SSDEEP
  
  24576:ds62Ca9jg62yGZ1xuVVjfFoynPaVBUR8f+kN10EBb62Y:ds6Zwjg6ZWQDgok30E6H
Score

10^/10

darkcomet slaves rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometslavesrattrojan

behavioral2

darkcometslavesrattrojan