darkcomet | ae707a3769d55080d8c6de07bc0ce03c5f12e375725da4a5fd06bae674123929 | Triage

Sharing

General

Target

ae707a3769d55080d8c6de07bc0ce03c5f12e375725da4a5fd06bae674123929
Size

775KB
Sample

221203-f5bpgsha74
MD5

4059d073c931d0996feb311816b5c546
SHA1

e7eb04125e7ee439a38ede9f518f8fcc019300bf
SHA256

ae707a3769d55080d8c6de07bc0ce03c5f12e375725da4a5fd06bae674123929
SHA512

16381dcdfae9841550a4ab8899f87416cd19c1262f7121b011f299aa892a9e6b043677901ebb3be7248d6f824e91ef48d01f1736644f50a9e6b12b2cc3ca316d
SSDEEP

12288:qUpaRMVTqS0f5Uvq0sCw168EqURAW6Sk/TmdWh/AGtBRJucBs2CNBDZgs:q5RMVPubVCwxXQRMAWh/ttBtBiFH

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-0DW527V

Attributes

gencode
TlzkHYZvMND7
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  ae707a3769d55080d8c6de07bc0ce03c5f12e375725da4a5fd06bae674123929
- Size
  
  775KB
- MD5
  
  4059d073c931d0996feb311816b5c546
- SHA1
  
  e7eb04125e7ee439a38ede9f518f8fcc019300bf
- SHA256
  
  ae707a3769d55080d8c6de07bc0ce03c5f12e375725da4a5fd06bae674123929
- SHA512
  
  16381dcdfae9841550a4ab8899f87416cd19c1262f7121b011f299aa892a9e6b043677901ebb3be7248d6f824e91ef48d01f1736644f50a9e6b12b2cc3ca316d
- SSDEEP
  
  12288:qUpaRMVTqS0f5Uvq0sCw168EqURAW6Sk/TmdWh/AGtBRJucBs2CNBDZgs:q5RMVPubVCwxXQRMAWh/ttBtBiFH
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan