darkcomet | e800413f4e0af6fae6cae64bc7d082cd1b630fc6ee5bfdcd883a4f2890418b35 | Triage

Sharing

General

Target

e800413f4e0af6fae6cae64bc7d082cd1b630fc6ee5bfdcd883a4f2890418b35
Size

704KB
Sample

221201-jwteqach2w
MD5

a5b3fe1a20d6d9a8eb9218be32ea117f
SHA1

ea5ac806dd67b436d6783257e4ac33f9ede2648d
SHA256

e800413f4e0af6fae6cae64bc7d082cd1b630fc6ee5bfdcd883a4f2890418b35
SHA512

337aae3b19381f9086e061baecb46a75ebede6dbef7ccf5205d52f6eb15e532e6169a3db0f3bbbe39056aecf3bb6c7b3297ac0a77b4f00b0405a26602ee6ef81
SSDEEP

12288:jNx3htwJ6oxYkLzHfN37Y+nGl66XzIp7I+VUSoRgYLVARsSmSM2W:jTIHxYkLz/6+nmbXGXn/aNSb

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

lyxia21.no-ip.org:200

Mutex

DC_MUTEX-C8UND5E

Attributes

gencode
osd9i6GH5HLy
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  e800413f4e0af6fae6cae64bc7d082cd1b630fc6ee5bfdcd883a4f2890418b35
- Size
  
  704KB
- MD5
  
  a5b3fe1a20d6d9a8eb9218be32ea117f
- SHA1
  
  ea5ac806dd67b436d6783257e4ac33f9ede2648d
- SHA256
  
  e800413f4e0af6fae6cae64bc7d082cd1b630fc6ee5bfdcd883a4f2890418b35
- SHA512
  
  337aae3b19381f9086e061baecb46a75ebede6dbef7ccf5205d52f6eb15e532e6169a3db0f3bbbe39056aecf3bb6c7b3297ac0a77b4f00b0405a26602ee6ef81
- SSDEEP
  
  12288:jNx3htwJ6oxYkLzHfN37Y+nGl66XzIp7I+VUSoRgYLVARsSmSM2W:jTIHxYkLz/6+nmbXGXn/aNSb
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan