darkcomet | 522f5a26d24f2aa64e7a6c0d0c437e89e6aa56e5d93d848ec95eb21fc406d59a | Triage

Sharing

General

Target

522f5a26d24f2aa64e7a6c0d0c437e89e6aa56e5d93d848ec95eb21fc406d59a
Size

699KB
Sample

221125-wbglmsda35
MD5

1a91a89bfc87b526e69280abeb3e528e
SHA1

a0ef34b93142a4c02f9b8dab81fccd48b290211b
SHA256

522f5a26d24f2aa64e7a6c0d0c437e89e6aa56e5d93d848ec95eb21fc406d59a
SHA512

787c237f4ff7cdf5e48c4fd8800ebad33a0e0369819286cd285eb6facb78f29ec65295bcfbe3f8e9f5debae0ebcf1955fb0795e046760fceb47664cd04c01bf7
SSDEEP

12288:5gPNTrkQIgegZYsO165OOfYFc9koGg1+8faI+nQ+xtEBafb68xC1PA:5aNTQQIgeU3O1FOrGg1+AaIZkakz6n1I

Score

10^/10

darkcomet guest16_min rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

96.29.209.33:1604

Mutex

DCMIN_MUTEX-VG70KUE

Attributes

gencode
8teTVlZE6Lrc
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  522f5a26d24f2aa64e7a6c0d0c437e89e6aa56e5d93d848ec95eb21fc406d59a
- Size
  
  699KB
- MD5
  
  1a91a89bfc87b526e69280abeb3e528e
- SHA1
  
  a0ef34b93142a4c02f9b8dab81fccd48b290211b
- SHA256
  
  522f5a26d24f2aa64e7a6c0d0c437e89e6aa56e5d93d848ec95eb21fc406d59a
- SHA512
  
  787c237f4ff7cdf5e48c4fd8800ebad33a0e0369819286cd285eb6facb78f29ec65295bcfbe3f8e9f5debae0ebcf1955fb0795e046760fceb47664cd04c01bf7
- SSDEEP
  
  12288:5gPNTrkQIgegZYsO165OOfYFc9koGg1+8faI+nQ+xtEBafb68xC1PA:5aNTQQIgeU3O1FOrGg1+AaIZkakz6n1I
Score

10^/10

darkcomet guest16_min rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_minrattrojan

behavioral2

darkcometguest16_minrattrojan