darkcomet | f50f25aaf1ca428ca96d668bdca26d82c8e447fbe6988e9e7efb7554142880fd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52c3812735ede6eb213f7e20ac1c6c48
Size

1.3MB
Sample

240111-g3rtcsbed3
MD5

52c3812735ede6eb213f7e20ac1c6c48
SHA1

f7a19879a9a600b06fef91637406139c8a01dcf1
SHA256

f50f25aaf1ca428ca96d668bdca26d82c8e447fbe6988e9e7efb7554142880fd
SHA512

d75104a858d2c9130813902a5dfa3d78728e79021cb30040ee1cd66df44cc1be27eeec35822f295917231ae556b3550ff7d7dcc075aea064bebc3cea8178a52e
SSDEEP

24576:cW7d15x6m+gm0Dyp977Wo6Q7LYwFLGWlnA7I/2OEsCN0FK/cRgOnmq9g6FGEdWW2:XLu1hr7r7UwkWlnA7g2+EpcOU7m6YE52

Score

10^/10

darkcomet guest16 evasion rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

lachiche6.myftp.biz:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
LdmfteUyKRFH
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  52c3812735ede6eb213f7e20ac1c6c48
- Size
  
  1.3MB
- MD5
  
  52c3812735ede6eb213f7e20ac1c6c48
- SHA1
  
  f7a19879a9a600b06fef91637406139c8a01dcf1
- SHA256
  
  f50f25aaf1ca428ca96d668bdca26d82c8e447fbe6988e9e7efb7554142880fd
- SHA512
  
  d75104a858d2c9130813902a5dfa3d78728e79021cb30040ee1cd66df44cc1be27eeec35822f295917231ae556b3550ff7d7dcc075aea064bebc3cea8178a52e
- SSDEEP
  
  24576:cW7d15x6m+gm0Dyp977Wo6Q7LYwFLGWlnA7I/2OEsCN0FK/cRgOnmq9g6FGEdWW2:XLu1hr7r7UwkWlnA7g2+EpcOU7m6YE52
Score

10^/10

darkcomet guest16 evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16evasionrattrojan

behavioral2