darkcomet | f078ebeb80cabc5bc6448d58a42f9314f4c8893a0436415d49e5520eb67ff2ed | Triage

Sharing

General

Target

f078ebeb80cabc5bc6448d58a42f9314f4c8893a0436415d49e5520eb67ff2ed
Size

788KB
Sample

221203-dg4z1shd97
MD5

2e75ad08a9b982515f53f852ad744a76
SHA1

4f4a61300ef5df02edbbdbcbeb22b2995ebf5898
SHA256

f078ebeb80cabc5bc6448d58a42f9314f4c8893a0436415d49e5520eb67ff2ed
SHA512

479237b20cee15a9cea055404cdc8d2be1f2642a905e843411a5bdfa2b86011cdacd4e34aa1a1ac995a30f78a266246634644747357050298576c135fa91734b
SSDEEP

24576:zFoXBnpw8bzRhObDkvEbSDKC2UmKaHZz/mt/E:pYBny0zD0DkvG8mKQKt/E

Score

10^/10

darkcomet guest56 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest56

C2

demonza001.no-ip.org:82

192.168.1.20:82

Mutex

DC_MUTEX-G11EJLX

Attributes

gencode
rt0CHvdzwbUk
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  f078ebeb80cabc5bc6448d58a42f9314f4c8893a0436415d49e5520eb67ff2ed
- Size
  
  788KB
- MD5
  
  2e75ad08a9b982515f53f852ad744a76
- SHA1
  
  4f4a61300ef5df02edbbdbcbeb22b2995ebf5898
- SHA256
  
  f078ebeb80cabc5bc6448d58a42f9314f4c8893a0436415d49e5520eb67ff2ed
- SHA512
  
  479237b20cee15a9cea055404cdc8d2be1f2642a905e843411a5bdfa2b86011cdacd4e34aa1a1ac995a30f78a266246634644747357050298576c135fa91734b
- SSDEEP
  
  24576:zFoXBnpw8bzRhObDkvEbSDKC2UmKaHZz/mt/E:pYBny0zD0DkvG8mKQKt/E
Score

10^/10

darkcomet guest56 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

darkcometguest56rattrojan