darkcomet | d2799d83e4d3c952e7f37caf3c2a0df1039a96ae600d53e7323e224745667903 | Triage

Sharing

General

Target

d2799d83e4d3c952e7f37caf3c2a0df1039a96ae600d53e7323e224745667903
Size

658KB
Sample

221122-y3l2jsfg56
MD5

ccc7fa962a403ca8c7cf0c713afd8bc6
SHA1

e5146146d74d630713414e92d025be1a8da70d5c
SHA256

d2799d83e4d3c952e7f37caf3c2a0df1039a96ae600d53e7323e224745667903
SHA512

d93a76914c750b6d2a77de9fe583e3a64d54aa8cf27d4c61dbd0e0b6682e49ec56aafef4ac34188bb7194af66020aa972a56adb98f36ba531fb090e9064e84e8
SSDEEP

12288:q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hT:mZ1xuVVjfFoynPaVBUR8f+kN10EB1

Score

10^/10

darkcomet rex rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

ReX

C2

alliedpurchase5431.ddns.net:2099

Mutex

DC_MUTEX-XMJT5N0

Attributes

gencode
6o6kfrwCrQoE
install
false
offline_keylogger
true
password
chase5431
persistence
false

Targets

- Target
  
  d2799d83e4d3c952e7f37caf3c2a0df1039a96ae600d53e7323e224745667903
- Size
  
  658KB
- MD5
  
  ccc7fa962a403ca8c7cf0c713afd8bc6
- SHA1
  
  e5146146d74d630713414e92d025be1a8da70d5c
- SHA256
  
  d2799d83e4d3c952e7f37caf3c2a0df1039a96ae600d53e7323e224745667903
- SHA512
  
  d93a76914c750b6d2a77de9fe583e3a64d54aa8cf27d4c61dbd0e0b6682e49ec56aafef4ac34188bb7194af66020aa972a56adb98f36ba531fb090e9064e84e8
- SSDEEP
  
  12288:q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hT:mZ1xuVVjfFoynPaVBUR8f+kN10EB1
Score

10^/10

darkcomet rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometrattrojan

behavioral2

darkcometrattrojan