darkcomet | 960efb495f646cda153017ba956b4e965b03538e408425c8aaec97279c78c8ba | Triage

Sharing

General

Target

960efb495f646cda153017ba956b4e965b03538e408425c8aaec97279c78c8ba
Size

1.0MB
Sample

221202-v9nxyahg37
MD5

c0304b43e6ce77d2f7f9458efe8cf746
SHA1

9e7d5e0f7f55ca1eac754d83b44d061e02605c2f
SHA256

960efb495f646cda153017ba956b4e965b03538e408425c8aaec97279c78c8ba
SHA512

cf74cc38998c297d32d59639edfc61d8028427f7976b30f3a1f92368af1cabf6f72d3be8c982e555e4ffd9faec3e5a689703469a1617a60064b075eef694e814
SSDEEP

12288:maF3jFjW7S2Vt/e6ESi+cEhWKg58FsjGApV2Mnb9TLCmv1GT3eU0LoX5C:/TX6/QecEc5Z6ApV5b9TLCmv1GTecX5C

Score

10^/10

darkcomet rat rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

RAT

C2

ilya69.no-ip.info:1337

Mutex

DCMIN_MUTEX-9HHY8YP

Attributes

gencode
E7oxjPKu4NXN
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  960efb495f646cda153017ba956b4e965b03538e408425c8aaec97279c78c8ba
- Size
  
  1.0MB
- MD5
  
  c0304b43e6ce77d2f7f9458efe8cf746
- SHA1
  
  9e7d5e0f7f55ca1eac754d83b44d061e02605c2f
- SHA256
  
  960efb495f646cda153017ba956b4e965b03538e408425c8aaec97279c78c8ba
- SHA512
  
  cf74cc38998c297d32d59639edfc61d8028427f7976b30f3a1f92368af1cabf6f72d3be8c982e555e4ffd9faec3e5a689703469a1617a60064b075eef694e814
- SSDEEP
  
  12288:maF3jFjW7S2Vt/e6ESi+cEhWKg58FsjGApV2Mnb9TLCmv1GT3eU0LoX5C:/TX6/QecEc5Z6ApV5b9TLCmv1GTecX5C
Score

10^/10

darkcomet rat rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometratrattrojan

behavioral2

darkcometratrattrojan