darkcomet | b9220af32c1f120b9ef5ff1ef00f215ad5548546f0ff883b7e184e3fa4dc3179 | Triage

Sharing

General

Target

b9220af32c1f120b9ef5ff1ef00f215ad5548546f0ff883b7e184e3fa4dc3179
Size

480KB
Sample

221123-s69n5agc5v
MD5

3c7e0a467e0f70f2296f5f866adf5093
SHA1

36531907e9a331226cd754dfd5fca79f5d3a0b25
SHA256

b9220af32c1f120b9ef5ff1ef00f215ad5548546f0ff883b7e184e3fa4dc3179
SHA512

9ebb345fefe55e59ef77749c9b79a9b3e2e7a63360fc5cc884b0e39434926e787052a8c8f3e1f4b7f3835d7db6112f4b487cf3a917329a1fa1d567a09b8429f4
SSDEEP

12288:bgAEHD+lRMtTgVRXlzoFYaGOxutLyM4hYpPg3e:8j+4BgVRl0Fl6I

Score

10^/10

darkcomet guest16_min persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

DarkxStormZz.mooo.com:1604

Mutex

DCMIN_MUTEX-5LQ7BM8

Attributes

gencode
pszLU1UQLQm4
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  b9220af32c1f120b9ef5ff1ef00f215ad5548546f0ff883b7e184e3fa4dc3179
- Size
  
  480KB
- MD5
  
  3c7e0a467e0f70f2296f5f866adf5093
- SHA1
  
  36531907e9a331226cd754dfd5fca79f5d3a0b25
- SHA256
  
  b9220af32c1f120b9ef5ff1ef00f215ad5548546f0ff883b7e184e3fa4dc3179
- SHA512
  
  9ebb345fefe55e59ef77749c9b79a9b3e2e7a63360fc5cc884b0e39434926e787052a8c8f3e1f4b7f3835d7db6112f4b487cf3a917329a1fa1d567a09b8429f4
- SSDEEP
  
  12288:bgAEHD+lRMtTgVRXlzoFYaGOxutLyM4hYpPg3e:8j+4BgVRl0Fl6I
Score

10^/10

darkcomet guest16_min persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_minpersistencerattrojan

behavioral2

darkcometguest16_minpersistencerattrojan