darkcomet | aabe9a788e56f3d9b79c93989ed6bca0c0a3bf0cf00afdd4cb8bb9623ac8e318 | Triage

Sharing

General

Target

aabe9a788e56f3d9b79c93989ed6bca0c0a3bf0cf00afdd4cb8bb9623ac8e318
Size

1000KB
Sample

221129-d3r8caeh8t
MD5

ff45a87a948408437d7fb81c881fe0ff
SHA1

378fb8206420205e2059fe7f3bca8bb0c409c9af
SHA256

aabe9a788e56f3d9b79c93989ed6bca0c0a3bf0cf00afdd4cb8bb9623ac8e318
SHA512

877de2c53e041b6ac27d4eba2ba32a6214972d1ac958755f2032811a13489cc235b077257a76785039a0a3c1821473dc5a46ea820dae93396c2f45df2ec656aa
SSDEEP

24576:rOVW8UTztPnxfLDI52L9QbzpSFIXYN2nfiOng0+a8njwj:rmYtJf2blWJG9j

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

oprecizion.no-ip.biz:1852

Mutex

DC_MUTEX-XTT89EM

Attributes

gencode
DkxMTkGP6J6a
install
false
offline_keylogger
true
password
bamboo
persistence
false

Targets

- Target
  
  aabe9a788e56f3d9b79c93989ed6bca0c0a3bf0cf00afdd4cb8bb9623ac8e318
- Size
  
  1000KB
- MD5
  
  ff45a87a948408437d7fb81c881fe0ff
- SHA1
  
  378fb8206420205e2059fe7f3bca8bb0c409c9af
- SHA256
  
  aabe9a788e56f3d9b79c93989ed6bca0c0a3bf0cf00afdd4cb8bb9623ac8e318
- SHA512
  
  877de2c53e041b6ac27d4eba2ba32a6214972d1ac958755f2032811a13489cc235b077257a76785039a0a3c1821473dc5a46ea820dae93396c2f45df2ec656aa
- SSDEEP
  
  24576:rOVW8UTztPnxfLDI52L9QbzpSFIXYN2nfiOng0+a8njwj:rmYtJf2blWJG9j
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan