darkcomet | 58ff044c3c5e9c44e4ded1231b4abad96d12f49748bae95dc7de49b73d874338 | Triage

Sharing

General

Target

58ff044c3c5e9c44e4ded1231b4abad96d12f49748bae95dc7de49b73d874338
Size

667KB
Sample

221130-3ppyhaae6s
MD5

fbf84cbdf4efe67da221a482fff467ce
SHA1

b8058c6cb8f6f845fb110f72053ec03db9bb4b52
SHA256

58ff044c3c5e9c44e4ded1231b4abad96d12f49748bae95dc7de49b73d874338
SHA512

3bc72f16190c31639eeecf4f6f76dcc1c714235fa56f6b587061cbef02dea22a7e091f37530d6e040d66211dbbb9accf686d95aaaf4b500504914c06fe483973
SSDEEP

12288:goSZvlA+uzoR1Jl7qiK07emMP5YIU5sZstCGsOW0mGWLY1:OZvlA+VRJ407e9VUYY95

Score

10^/10

darkcomet modiloader guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-7Q0Q66D

Attributes

gencode
K4iuJN6l6AQq
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  58ff044c3c5e9c44e4ded1231b4abad96d12f49748bae95dc7de49b73d874338
- Size
  
  667KB
- MD5
  
  fbf84cbdf4efe67da221a482fff467ce
- SHA1
  
  b8058c6cb8f6f845fb110f72053ec03db9bb4b52
- SHA256
  
  58ff044c3c5e9c44e4ded1231b4abad96d12f49748bae95dc7de49b73d874338
- SHA512
  
  3bc72f16190c31639eeecf4f6f76dcc1c714235fa56f6b587061cbef02dea22a7e091f37530d6e040d66211dbbb9accf686d95aaaf4b500504914c06fe483973
- SSDEEP
  
  12288:goSZvlA+uzoR1Jl7qiK07emMP5YIU5sZstCGsOW0mGWLY1:OZvlA+VRJ407e9VUYY95
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan