darkcomet | 399a7788a8b3b852bca9ead8661f168045e61933af8802bc88ea010bcc9a1b16 | Triage

Sharing

General

Target

399a7788a8b3b852bca9ead8661f168045e61933af8802bc88ea010bcc9a1b16
Size

1.1MB
Sample

221127-mpaktaee3x
MD5

2fa6c060ce469f13b5ed14b78200df4b
SHA1

7ffe1baaef44ff06da7e69c64a1cfd3aa9e651a4
SHA256

399a7788a8b3b852bca9ead8661f168045e61933af8802bc88ea010bcc9a1b16
SHA512

c11730cc72ed676817e458ec74dbde510530040dbee4a2c9de04992ff6983c8f9c8810183cfd602132b38613c4efd878dd4a4b2aa816a317faa964361f185726
SSDEEP

24576:4rGs0Zal/WahA6h3wESnwdnhR2R1NR4288IvHBIi:4rqGOahAqFGAI1NaTB

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

kissme123.zapto.org:1604

Mutex

DC_MUTEX-PDWE49A

Attributes

gencode
2oBEafD7BTBb
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  399a7788a8b3b852bca9ead8661f168045e61933af8802bc88ea010bcc9a1b16
- Size
  
  1.1MB
- MD5
  
  2fa6c060ce469f13b5ed14b78200df4b
- SHA1
  
  7ffe1baaef44ff06da7e69c64a1cfd3aa9e651a4
- SHA256
  
  399a7788a8b3b852bca9ead8661f168045e61933af8802bc88ea010bcc9a1b16
- SHA512
  
  c11730cc72ed676817e458ec74dbde510530040dbee4a2c9de04992ff6983c8f9c8810183cfd602132b38613c4efd878dd4a4b2aa816a317faa964361f185726
- SSDEEP
  
  24576:4rGs0Zal/WahA6h3wESnwdnhR2R1NR4288IvHBIi:4rqGOahAqFGAI1NaTB
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan