darkcomet | fefb6125c928072f4611b21237a1acbffe5ab546427cb94a978d98228b464a49 | Triage

Sharing

General

Target

fefb6125c928072f4611b21237a1acbffe5ab546427cb94a978d98228b464a49
Size

694KB
Sample

221130-3gnqgaee35
MD5

4728e7cdc9cdc081836dfc309f4c5200
SHA1

720f5e6e422b97e240066562bbc66dcb63a34786
SHA256

fefb6125c928072f4611b21237a1acbffe5ab546427cb94a978d98228b464a49
SHA512

9177242bd1434e8b3a88f9c8212060436153c08b9a73c53fe9fc9e01e303aa587f3d8ca8054a40cd586c4486d79de830e377f68fbb9b68686c525ccb2a8c0a6e
SSDEEP

12288:p+PkN5nJkqxyQHUwmu/VX5lgd12WYuAAiOTgtFpTbwZ2iyWy:nNRqoHUwbDlgdwZBCgJTbwwiyV

Score

10^/10

darkcomet guest16_min rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

37.221.161.37:1234

Mutex

DCMIN_MUTEX-QHCX8P4

Attributes

gencode
EXviYNnCNHfA
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  fefb6125c928072f4611b21237a1acbffe5ab546427cb94a978d98228b464a49
- Size
  
  694KB
- MD5
  
  4728e7cdc9cdc081836dfc309f4c5200
- SHA1
  
  720f5e6e422b97e240066562bbc66dcb63a34786
- SHA256
  
  fefb6125c928072f4611b21237a1acbffe5ab546427cb94a978d98228b464a49
- SHA512
  
  9177242bd1434e8b3a88f9c8212060436153c08b9a73c53fe9fc9e01e303aa587f3d8ca8054a40cd586c4486d79de830e377f68fbb9b68686c525ccb2a8c0a6e
- SSDEEP
  
  12288:p+PkN5nJkqxyQHUwmu/VX5lgd12WYuAAiOTgtFpTbwZ2iyWy:nNRqoHUwbDlgdwZBCgJTbwwiyV
Score

10^/10

darkcomet guest16_min rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16_minrattrojan

behavioral2