darkcomet | 82977a68f5f193053276d640366c4547163ab80699c01002232c619b137c8669 | Triage

Sharing

General

Target

82977a68f5f193053276d640366c4547163ab80699c01002232c619b137c8669
Size

1.0MB
Sample

221201-cndkzaab4y
MD5

62b4603ccd5b435533f2cbba560d0a14
SHA1

4b5a10c738ad310547ebe935c88d5b8575978fa4
SHA256

82977a68f5f193053276d640366c4547163ab80699c01002232c619b137c8669
SHA512

23a76ede3f0bf9bb08dd8b8573ebf31a5e38e408a8a1c8ae533f5d406970006109fcdc26bbdf36db334049c2e1c72b8f997fa09ccc0af5300a824a749bec0c9b
SSDEEP

24576:TvOTggIRfmQX3zRYC6FVZPv+FWe4Ys/E:DjYlDZ3+UT/E

Score

10^/10

darkcomet guest16_min rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:200

Mutex

DCMIN_MUTEX-QFL0QAA

Attributes

gencode
GRhjc3o82zNr
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  82977a68f5f193053276d640366c4547163ab80699c01002232c619b137c8669
- Size
  
  1.0MB
- MD5
  
  62b4603ccd5b435533f2cbba560d0a14
- SHA1
  
  4b5a10c738ad310547ebe935c88d5b8575978fa4
- SHA256
  
  82977a68f5f193053276d640366c4547163ab80699c01002232c619b137c8669
- SHA512
  
  23a76ede3f0bf9bb08dd8b8573ebf31a5e38e408a8a1c8ae533f5d406970006109fcdc26bbdf36db334049c2e1c72b8f997fa09ccc0af5300a824a749bec0c9b
- SSDEEP
  
  24576:TvOTggIRfmQX3zRYC6FVZPv+FWe4Ys/E:DjYlDZ3+UT/E
Score

10^/10

darkcomet guest16_min rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16_minrattrojan

behavioral2

darkcometguest16_minrattrojan