darkcomet | 2839b0c1800dd17a164fe8f179e9e4769829eee74d89a45552133cbdf28fb6cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

stub.exe
Size

658KB
Sample

240104-r383racgh2
MD5

680392868a764e811d03ae60c604cb39
SHA1

a2d4db80fa9869ab3ff5e8655e18fdda61d0ac26
SHA256

2839b0c1800dd17a164fe8f179e9e4769829eee74d89a45552133cbdf28fb6cc
SHA512

4baebbd8d47630689c8ea020cd7debb4fae18bfa50e9915ab0851976545bca2d99920b2732f1c18d77500a060f103e4bdc72266a8525437d27397a738ebdaac1
SSDEEP

12288:i9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hv:OZ1xuVVjfFoynPaVBUR8f+kN10EBV

Score

10^/10

darkcomet guest16_min rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

sp1oorat.ddns.net:1604

Mutex

DCMIN_MUTEX-R0P3PJW

Attributes

gencode
LKklt4MiodXP
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  stub.exe
- Size
  
  658KB
- MD5
  
  680392868a764e811d03ae60c604cb39
- SHA1
  
  a2d4db80fa9869ab3ff5e8655e18fdda61d0ac26
- SHA256
  
  2839b0c1800dd17a164fe8f179e9e4769829eee74d89a45552133cbdf28fb6cc
- SHA512
  
  4baebbd8d47630689c8ea020cd7debb4fae18bfa50e9915ab0851976545bca2d99920b2732f1c18d77500a060f103e4bdc72266a8525437d27397a738ebdaac1
- SSDEEP
  
  12288:i9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hv:OZ1xuVVjfFoynPaVBUR8f+kN10EBV
Score

10^/10

darkcomet guest16_min rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Drops file in Drivers directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16_mindarkcomet

behavioral1

darkcometguest16_minrattrojan

behavioral2

darkcometguest16_minrattrojan