darkcomet | 94bd3c56d173ce17903d5ac74459e4cfc641ffcc0c84f5669a1ea1e873910618 | Triage

Sharing

General

Target

94bd3c56d173ce17903d5ac74459e4cfc641ffcc0c84f5669a1ea1e873910618
Size

758KB
Sample

221201-zrqq2aah27
MD5

97c9689e3b5ea8f15fbcf2919038e02b
SHA1

2aa3bd0c36cc22de727f32e51b0098e9283dc2e8
SHA256

94bd3c56d173ce17903d5ac74459e4cfc641ffcc0c84f5669a1ea1e873910618
SHA512

c859a61666ac338802217709f26a24f3ea76f96e7a67e5b95b0e4a0fd143d09b6a9d9b3948c1eb0ae8325aff4c8e8a86176950d5c2b20b34c0b6b01ac95725ac
SSDEEP

12288:76lOwG2qPnAknEHZCX2N0K4AivtYRiSVXWMMkNV4mAPKmT9YCBBJFihR0ltqeIi:QOr2qPXUCX2NlR6uRiqWbAVPAPZYCBzz

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-R3938ZJ

Attributes

gencode
pjduwzHB2Fki
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  94bd3c56d173ce17903d5ac74459e4cfc641ffcc0c84f5669a1ea1e873910618
- Size
  
  758KB
- MD5
  
  97c9689e3b5ea8f15fbcf2919038e02b
- SHA1
  
  2aa3bd0c36cc22de727f32e51b0098e9283dc2e8
- SHA256
  
  94bd3c56d173ce17903d5ac74459e4cfc641ffcc0c84f5669a1ea1e873910618
- SHA512
  
  c859a61666ac338802217709f26a24f3ea76f96e7a67e5b95b0e4a0fd143d09b6a9d9b3948c1eb0ae8325aff4c8e8a86176950d5c2b20b34c0b6b01ac95725ac
- SSDEEP
  
  12288:76lOwG2qPnAknEHZCX2N0K4AivtYRiSVXWMMkNV4mAPKmT9YCBBJFihR0ltqeIi:QOr2qPXUCX2NlR6uRiqWbAVPAPZYCBzz
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan