darkcomet | b2b89259c8b2fc28143fb201676805046b7cd37df4aa61582a0a68a1fe6025c5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b2b89259c8b2fc28143fb201676805046b7cd37df4aa61582a0a68a1fe6025c5
Size

718KB
Sample

221205-w33yysha2s
MD5

08ddcb2ba71a041c2e2e8f4cefda9339
SHA1

7b336430d610e39b598ba181874a818dadc25248
SHA256

b2b89259c8b2fc28143fb201676805046b7cd37df4aa61582a0a68a1fe6025c5
SHA512

280414cc8ae2e5d91e4a6afc9738101280d7c34283149638d4981c133831f8ebb88f07079c8ff8b2496bd1bb3dd818f220eb72ad337e7166543bf722775b05db
SSDEEP

12288:sPBEb2/mPBEbU8V4kiP3aYz+0ZMp8pY7F1c87F1+Ou/zoJbBQOUs9F00+BLH2WKT:jbwb4Z3aFH7c/zoJ1ZHFZWK25VaSg

Score

10^/10

darkcomet rat trojan

Malware Config

Targets

- Target
  
  b2b89259c8b2fc28143fb201676805046b7cd37df4aa61582a0a68a1fe6025c5
- Size
  
  718KB
- MD5
  
  08ddcb2ba71a041c2e2e8f4cefda9339
- SHA1
  
  7b336430d610e39b598ba181874a818dadc25248
- SHA256
  
  b2b89259c8b2fc28143fb201676805046b7cd37df4aa61582a0a68a1fe6025c5
- SHA512
  
  280414cc8ae2e5d91e4a6afc9738101280d7c34283149638d4981c133831f8ebb88f07079c8ff8b2496bd1bb3dd818f220eb72ad337e7166543bf722775b05db
- SSDEEP
  
  12288:sPBEb2/mPBEbU8V4kiP3aYz+0ZMp8pY7F1c87F1+Ou/zoJbBQOUs9F00+BLH2WKT:jbwb4Z3aFH7c/zoJ1ZHFZWK25VaSg
Score

10^/10

darkcomet rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometrattrojan

behavioral2

darkcometrattrojan