darkcomet | e9ec3adbfc8b34e0f9018f5449f74bd633c7d2279147f9f2bfae9d44d40fa849 | Triage

Sharing

General

Target

e9ec3adbfc8b34e0f9018f5449f74bd633c7d2279147f9f2bfae9d44d40fa849
Size

714KB
Sample

221128-jx48lsge98
MD5

3160e27b1a721c2d5826e897d8a88cd2
SHA1

c82ded0d87be838138e7b89641ee2d3145dfdb3e
SHA256

e9ec3adbfc8b34e0f9018f5449f74bd633c7d2279147f9f2bfae9d44d40fa849
SHA512

18e89ae081dc00ef1534ef116eaa72be40f84afcdb73e6958ed0e5cb19e3cbd842978bdf2dd1e24c22a686b8a0b9a37d0a57339a02b764308776f21acecce157
SSDEEP

12288:aBCv6Lx8ckslStluh/g60Mi6ItMKp67/m5EZ2anOZnjWnpw2KtW31j6a9G8M:X+xLleM/g60MpItvQ7Oq0aOcL31d

Score

10^/10

darkcomet youtube rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Youtube

C2

sockproxy.no-ip.biz:1604

Mutex

DC_MUTEX-2S21NCP

Attributes

gencode
HMlSQr6NWU7H
install
false
offline_keylogger
true
password
s7rjj2l
persistence
false

Targets

- Target
  
  e9ec3adbfc8b34e0f9018f5449f74bd633c7d2279147f9f2bfae9d44d40fa849
- Size
  
  714KB
- MD5
  
  3160e27b1a721c2d5826e897d8a88cd2
- SHA1
  
  c82ded0d87be838138e7b89641ee2d3145dfdb3e
- SHA256
  
  e9ec3adbfc8b34e0f9018f5449f74bd633c7d2279147f9f2bfae9d44d40fa849
- SHA512
  
  18e89ae081dc00ef1534ef116eaa72be40f84afcdb73e6958ed0e5cb19e3cbd842978bdf2dd1e24c22a686b8a0b9a37d0a57339a02b764308776f21acecce157
- SSDEEP
  
  12288:aBCv6Lx8ckslStluh/g60Mi6ItMKp67/m5EZ2anOZnjWnpw2KtW31j6a9G8M:X+xLleM/g60MpItvQ7Oq0aOcL31d
Score

10^/10

darkcomet youtube rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometyoutuberattrojan

behavioral2

darkcometyoutuberattrojan