darkcomet | b41b5ff0e615b7a551ed96226e1e159353567cc8f6a3aa4afe2b0df193b2d716 | Triage

Sharing

General

Target

b41b5ff0e615b7a551ed96226e1e159353567cc8f6a3aa4afe2b0df193b2d716
Size

1014KB
Sample

221123-qkycvshc2v
MD5

fc36609a54c8f09988e46d3f14cdbe8e
SHA1

59668fde8e4303bef1000bc6a2d179d6001c1bf4
SHA256

b41b5ff0e615b7a551ed96226e1e159353567cc8f6a3aa4afe2b0df193b2d716
SHA512

34de0feb1a2e0a4fd538d6c8083340998230e748fd8a3d12bf51751eff62af1ef3044e7e663760cb17bad3e548a45d75e8d9f1d6803c7a31246157423dae6d1c
SSDEEP

12288:uXhcWNAzVJmM55U4j1DIuddcQsfXXKktxADIAP+RNJCH5fZlP:iBNArmMPU4jqudBcXHtxyIpB4TP

Score

10^/10

darkcomet csgo rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

csgo

C2

hyptonix.ddns.net:1604

Mutex

DCMIN_MUTEX-LYN9LYG

Attributes

gencode
guRWof92yMZb
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  b41b5ff0e615b7a551ed96226e1e159353567cc8f6a3aa4afe2b0df193b2d716
- Size
  
  1014KB
- MD5
  
  fc36609a54c8f09988e46d3f14cdbe8e
- SHA1
  
  59668fde8e4303bef1000bc6a2d179d6001c1bf4
- SHA256
  
  b41b5ff0e615b7a551ed96226e1e159353567cc8f6a3aa4afe2b0df193b2d716
- SHA512
  
  34de0feb1a2e0a4fd538d6c8083340998230e748fd8a3d12bf51751eff62af1ef3044e7e663760cb17bad3e548a45d75e8d9f1d6803c7a31246157423dae6d1c
- SSDEEP
  
  12288:uXhcWNAzVJmM55U4j1DIuddcQsfXXKktxADIAP+RNJCH5fZlP:iBNArmMPU4jqudBcXHtxyIpB4TP
Score

10^/10

darkcomet csgo rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometcsgorattrojan

behavioral2

darkcometcsgorattrojan