darkcomet | f285d4bb56b1a4e14579d749e5d6b3d722840a56710e8967a643f3db6545b25e | Triage

Sharing

General

Target

f285d4bb56b1a4e14579d749e5d6b3d722840a56710e8967a643f3db6545b25e
Size

1024KB
Sample

221203-dd9q4acc7s
MD5

039543b29918a1800c8e0e8c9d9ba7d0
SHA1

145769085294b822ff2c805428246795878bbc62
SHA256

f285d4bb56b1a4e14579d749e5d6b3d722840a56710e8967a643f3db6545b25e
SHA512

d3328f9cd60dcbd029371b56d4b98002a624d3d2ba56b9e707d7a101b8dce81e2761159ecaa8ed51b6ced60ab832522ac6bdb8a197f3fa79797d9aa70f5b5df7
SSDEEP

24576:NdlX2joBPourq9FcX59bowZVuybDjpc/UGR/eGKuYmVUdYb6HRUf:tmFu29Fcp9bowbuy/S/71QuVhOM

Score

10^/10

darkcomet s4ndy rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

S4NDY

C2

kissmyarse.no-ip.biz:5466

Mutex

RLG3J8R6JRP0QA

Attributes

gencode
qYEmNxplwd2o
install
false
offline_keylogger
true
password
9845619822
persistence
false

Targets

- Target
  
  f285d4bb56b1a4e14579d749e5d6b3d722840a56710e8967a643f3db6545b25e
- Size
  
  1024KB
- MD5
  
  039543b29918a1800c8e0e8c9d9ba7d0
- SHA1
  
  145769085294b822ff2c805428246795878bbc62
- SHA256
  
  f285d4bb56b1a4e14579d749e5d6b3d722840a56710e8967a643f3db6545b25e
- SHA512
  
  d3328f9cd60dcbd029371b56d4b98002a624d3d2ba56b9e707d7a101b8dce81e2761159ecaa8ed51b6ced60ab832522ac6bdb8a197f3fa79797d9aa70f5b5df7
- SSDEEP
  
  24576:NdlX2joBPourq9FcX59bowZVuybDjpc/UGR/eGKuYmVUdYb6HRUf:tmFu29Fcp9bowbuy/S/71QuVhOM
Score

10^/10

darkcomet s4ndy rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomets4ndyrattrojan

behavioral2

darkcomets4ndyrattrojan