darkcomet | 15e9ce573d61eb023d67e2a8ee192fb61d6998c06e0342de2323374ebabc8c6f | Triage

Sharing

General

Target

771676b3fbd4958422a43963783f4167
Size

1.8MB
Sample

231226-r9r3taheem
MD5

771676b3fbd4958422a43963783f4167
SHA1

89ecd40b2fe550a50c8fc4c9e2f2d65d5f2e7d28
SHA256

15e9ce573d61eb023d67e2a8ee192fb61d6998c06e0342de2323374ebabc8c6f
SHA512

73f9c46eefa03408206b7a4771ac7dcf30cf19821a6166cd1a7153591c94c12d17b6aa39d559662fb3f4d3c3bcca7f6930c763a8bfbd9840c6f1e6ec58a651db
SSDEEP

24576:8RmJkcoQricOIQxiZY1iaXi9FrrTy/zbUgktKkRX10x48VqFquz7DoH:pJZoQrbTFZY1iaX8r3y//U1LRXqyaue

Score

10^/10

darkcomet guest16_min rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

192.168.1.101:120

Mutex

DCMIN_MUTEX-TQKBH7N

Attributes

gencode
8cG2wu0YyUoM
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  771676b3fbd4958422a43963783f4167
- Size
  
  1.8MB
- MD5
  
  771676b3fbd4958422a43963783f4167
- SHA1
  
  89ecd40b2fe550a50c8fc4c9e2f2d65d5f2e7d28
- SHA256
  
  15e9ce573d61eb023d67e2a8ee192fb61d6998c06e0342de2323374ebabc8c6f
- SHA512
  
  73f9c46eefa03408206b7a4771ac7dcf30cf19821a6166cd1a7153591c94c12d17b6aa39d559662fb3f4d3c3bcca7f6930c763a8bfbd9840c6f1e6ec58a651db
- SSDEEP
  
  24576:8RmJkcoQricOIQxiZY1iaXi9FrrTy/zbUgktKkRX10x48VqFquz7DoH:pJZoQrbTFZY1iaX8r3y//U1LRXqyaue
Score

10^/10

darkcomet guest16_min rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16_minrattrojan

behavioral2

darkcometguest16_minrattrojan