darkcomet | 48c318b8647d5dc9b50edfb08029469253488d3ee3a550566ebd627c2d026b94 | Triage

Sharing

General

Target

48c318b8647d5dc9b50edfb08029469253488d3ee3a550566ebd627c2d026b94
Size

794KB
Sample

221126-qfmesshh2x
MD5

bfdd64eac3e32996a815d0f1c6d4c692
SHA1

dc73f585c095891c8845246fa63188b8bc9641fc
SHA256

48c318b8647d5dc9b50edfb08029469253488d3ee3a550566ebd627c2d026b94
SHA512

425b0c1857a7f52176b4420cb1d2d996f788122898a1ddaa5fbd7a4641e5d1cba0169bfd2e38fdb67a53a98e8d04db0b5b5da14f01ac203a744945b01d65a325
SSDEEP

24576:yEZNRsdMGxCM6MS+eo8h99opIeEu+ouOWPQ:rRtGd6fo8b9xeTJqQ

Score

10^/10

darkcomet modiloader guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

niekjannssen.no-ip.biz:1604

Mutex

DC_MUTEX-210MFEF

Attributes

gencode
GyGRnPYl6veT
install
false
offline_keylogger
true
password
123456
persistence
false

Targets

- Target
  
  48c318b8647d5dc9b50edfb08029469253488d3ee3a550566ebd627c2d026b94
- Size
  
  794KB
- MD5
  
  bfdd64eac3e32996a815d0f1c6d4c692
- SHA1
  
  dc73f585c095891c8845246fa63188b8bc9641fc
- SHA256
  
  48c318b8647d5dc9b50edfb08029469253488d3ee3a550566ebd627c2d026b94
- SHA512
  
  425b0c1857a7f52176b4420cb1d2d996f788122898a1ddaa5fbd7a4641e5d1cba0169bfd2e38fdb67a53a98e8d04db0b5b5da14f01ac203a744945b01d65a325
- SSDEEP
  
  24576:yEZNRsdMGxCM6MS+eo8h99opIeEu+ouOWPQ:rRtGd6fo8b9xeTJqQ
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan