darkcomet | bb4ee693e4836ce0d775cdade18c0ab7605af151650b5ed84b42ddba7eedd034 | Triage

Sharing

General

Target

c306111a4c3bd40c18b3752a164df7a9
Size

649KB
Sample

240312-lf5h6ade7x
MD5

c306111a4c3bd40c18b3752a164df7a9
SHA1

33a637f73692d36f5f1b5ec3611b2627d5e8ddfb
SHA256

bb4ee693e4836ce0d775cdade18c0ab7605af151650b5ed84b42ddba7eedd034
SHA512

af475dffdc2160279b087f9054ec47fd957aab31cf6399f938fa4230607f807ffa48fd8d8e3a09974328e699bbf8d86e49e4c9308fd621d032bba1c9424f61aa
SSDEEP

12288:bk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+B:Q0QRWoJEfg0oChGdJQbjPbNW5tYeP+Gk

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-3W74S74

Attributes

gencode
BDGBVojcMbue
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  c306111a4c3bd40c18b3752a164df7a9
- Size
  
  649KB
- MD5
  
  c306111a4c3bd40c18b3752a164df7a9
- SHA1
  
  33a637f73692d36f5f1b5ec3611b2627d5e8ddfb
- SHA256
  
  bb4ee693e4836ce0d775cdade18c0ab7605af151650b5ed84b42ddba7eedd034
- SHA512
  
  af475dffdc2160279b087f9054ec47fd957aab31cf6399f938fa4230607f807ffa48fd8d8e3a09974328e699bbf8d86e49e4c9308fd621d032bba1c9424f61aa
- SSDEEP
  
  12288:bk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+B:Q0QRWoJEfg0oChGdJQbjPbNW5tYeP+Gk
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan