darkcomet | 14f505bf0fbfe5076f33d549a7be63356e0deef95876803dcb08436871220b12 | Triage

Sharing

General

Target

a4af1160a37350e154fb9e9815ab7083
Size

872KB
Sample

240225-1qn2gsea5z
MD5

a4af1160a37350e154fb9e9815ab7083
SHA1

c3a852729a0e80e1984284f404ba8d05a8b76dda
SHA256

14f505bf0fbfe5076f33d549a7be63356e0deef95876803dcb08436871220b12
SHA512

6ec8c4dc2cd52d911695ff7205b900997ceca48f31e95eccd6379f60df5dd56107da423cc9fe146c5ba192d1b46eaa3d01ed01c947c0fe1f72d9b0dcfa1e0972
SSDEEP

24576:5QuS/wMV6u+kSnbo6IBkiVuvZ/u3D2CwRbU:R416Zlbo62BuZVRw

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-MB5NPPX

Attributes

gencode
6jLcyVQgyGhF
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  a4af1160a37350e154fb9e9815ab7083
- Size
  
  872KB
- MD5
  
  a4af1160a37350e154fb9e9815ab7083
- SHA1
  
  c3a852729a0e80e1984284f404ba8d05a8b76dda
- SHA256
  
  14f505bf0fbfe5076f33d549a7be63356e0deef95876803dcb08436871220b12
- SHA512
  
  6ec8c4dc2cd52d911695ff7205b900997ceca48f31e95eccd6379f60df5dd56107da423cc9fe146c5ba192d1b46eaa3d01ed01c947c0fe1f72d9b0dcfa1e0972
- SSDEEP
  
  24576:5QuS/wMV6u+kSnbo6IBkiVuvZ/u3D2CwRbU:R416Zlbo62BuZVRw
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan