darkcomet | 25aaa2657e649d8976cb321a6bf63eb56e8451ebde550003ef98782dd1b5ae62 | Triage

Sharing

General

Target

executable.300.exe
Size

658KB
Sample

230708-26kvfabb9t
MD5

57b9308c476e7a443b3a8d6d4844d22c
SHA1

3c2f98bb99a517e0e096009305bc6b1b5b0c1e99
SHA256

25aaa2657e649d8976cb321a6bf63eb56e8451ebde550003ef98782dd1b5ae62
SHA512

4c661130a1cc56d0d6e3a26dfce00cd6397447e3257e20073b003d1a0827a18d225572eeb0572f8bff0450582e49cbdd8bc2d5a7ffbab5edb12667a887c77274
SSDEEP

12288:A9HFJ9rJxq1usonSohLBHARgykNCHP9ISH:kZ1eusloVBgRvkNe/

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

test213.no-ip.info:1604

Mutex

DC_MUTEX-KHNEW06

Attributes

InstallPath
MSDCSC\runddl32.exe
gencode
F6FE8i2BxCpu
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  executable.300.exe
- Size
  
  658KB
- MD5
  
  57b9308c476e7a443b3a8d6d4844d22c
- SHA1
  
  3c2f98bb99a517e0e096009305bc6b1b5b0c1e99
- SHA256
  
  25aaa2657e649d8976cb321a6bf63eb56e8451ebde550003ef98782dd1b5ae62
- SHA512
  
  4c661130a1cc56d0d6e3a26dfce00cd6397447e3257e20073b003d1a0827a18d225572eeb0572f8bff0450582e49cbdd8bc2d5a7ffbab5edb12667a887c77274
- SSDEEP
  
  12288:A9HFJ9rJxq1usonSohLBHARgykNCHP9ISH:kZ1eusloVBgRvkNe/
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan

behavioral3

darkcometguest16rattrojan