darkcomet | d05fe560a6792e7670d3c364aca662404419987da09053677fd82ec22e3d6b81 | Triage

Sharing

General

Target

d05fe560a6792e7670d3c364aca662404419987da09053677fd82ec22e3d6b81
Size

360KB
Sample

221203-gnvlpsdh9z
MD5

e9315ceafef7f09fbbb52d99ef06cc32
SHA1

390d24ca5949883294ef10585ca1fce11016ce9c
SHA256

d05fe560a6792e7670d3c364aca662404419987da09053677fd82ec22e3d6b81
SHA512

7f8f21337f6cd8024d257efc8c92c7fda03f72a4b9b2aa9647df65171aaeaf5a427953043a19f44660d9b10ab1d6b2f368178f6e0c738fbce7ee9aedec745625
SSDEEP

6144:ljXmPZ3/BL3LuJ5Toj6ZbpgsU1spq/0BHKRVSPndFGzv2dHkUZ8uqL+Dpi2+x:lih3NuJ5ToYRUCHKLSmzedHpZCL+Ox

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

sattam.no-ip.biz:1604

Mutex

DC_MUTEX-TELC5DX

Attributes

gencode
0AZVTE47t6Fe
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  d05fe560a6792e7670d3c364aca662404419987da09053677fd82ec22e3d6b81
- Size
  
  360KB
- MD5
  
  e9315ceafef7f09fbbb52d99ef06cc32
- SHA1
  
  390d24ca5949883294ef10585ca1fce11016ce9c
- SHA256
  
  d05fe560a6792e7670d3c364aca662404419987da09053677fd82ec22e3d6b81
- SHA512
  
  7f8f21337f6cd8024d257efc8c92c7fda03f72a4b9b2aa9647df65171aaeaf5a427953043a19f44660d9b10ab1d6b2f368178f6e0c738fbce7ee9aedec745625
- SSDEEP
  
  6144:ljXmPZ3/BL3LuJ5Toj6ZbpgsU1spq/0BHKRVSPndFGzv2dHkUZ8uqL+Dpi2+x:lih3NuJ5ToYRUCHKLSmzedHpZCL+Ox
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan