darkcomet | 1f1d35c7afb5178b9e98b71c433108743ba6d9d7f9aecf647c4b9130ea084ab8 | Triage

Sharing

General

Target

1f1d35c7afb5178b9e98b71c433108743ba6d9d7f9aecf647c4b9130ea084ab8
Size

1.5MB
Sample

221126-cjanhsdg53
MD5

255d824058f18f2d9dac2dda2214e08a
SHA1

95ebcbae50218bc8ca8d472a5b1b7f23d7a0c061
SHA256

1f1d35c7afb5178b9e98b71c433108743ba6d9d7f9aecf647c4b9130ea084ab8
SHA512

65451253c32711991f742a045c4158d3219ed473a1b9120eeae888f6caa59ad108fe2133a3e95f8b98d224d119c905bed26073f29a10cf125bb73677de23a0d5
SSDEEP

24576:mZ1xuVVjfFoynPaVBUR8f+kN10EBiKzn1AAHEvtcwOwnvzuEG9WlE:2QDgok309qA3c5VFkW

Score

10^/10

darkcomet 1 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

1

C2

bagrad.ddns.net:8080

Mutex

DC_MUTEX-M3J1E7D

Attributes

gencode
9xK8C2aXKe4Y
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  1f1d35c7afb5178b9e98b71c433108743ba6d9d7f9aecf647c4b9130ea084ab8
- Size
  
  1.5MB
- MD5
  
  255d824058f18f2d9dac2dda2214e08a
- SHA1
  
  95ebcbae50218bc8ca8d472a5b1b7f23d7a0c061
- SHA256
  
  1f1d35c7afb5178b9e98b71c433108743ba6d9d7f9aecf647c4b9130ea084ab8
- SHA512
  
  65451253c32711991f742a045c4158d3219ed473a1b9120eeae888f6caa59ad108fe2133a3e95f8b98d224d119c905bed26073f29a10cf125bb73677de23a0d5
- SSDEEP
  
  24576:mZ1xuVVjfFoynPaVBUR8f+kN10EBiKzn1AAHEvtcwOwnvzuEG9WlE:2QDgok309qA3c5VFkW
Score

10^/10

darkcomet rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometrattrojan

behavioral2

darkcometrattrojan