darkcomet

General

Target

d1a6927a0ad7b9a1eb072535aa3879ab
Size

708KB
Sample

240317-xwla1add99
MD5

d1a6927a0ad7b9a1eb072535aa3879ab
SHA1

989cc5e58c7f0de80d5dfcb0468b812192c4c3ef
SHA256

7ddbcb26b9c3afc287c094d534ee051f311c258db1c5d2082b384de4b2207c1a
SHA512

8474cae8e14037913c740a52628242bf434e315139d6d23626859c96beb06b497f024cb8ba3ad689d94cc2f8a23408cf09e3c2718ab29fd0053d379ca6bb99c4
SSDEEP

12288:tk6zJDIYsrXd0+tMt+sH2ept70Q93Fohby5KNK5u3z9HRI0WRooTalj8:tk6zJDIYs7dKH2ecQxgbpsyHRI049TaS

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

lolscape12345.zapto.org:4444

coderscape.net84.net:4444

127.0.0.1:4444

192.168.0.3:4444

77.96.90.48:4444

Mutex

DC_MUTEX-KLX6V48

Attributes

gencode
YCMTuRTxJEkt
install
false
offline_keylogger
true
persistence
false

Extracted

Family

latentbot

C2

lolscape12345.zapto.org

Targets

- Target
  
  d1a6927a0ad7b9a1eb072535aa3879ab
- Size
  
  708KB
- MD5
  
  d1a6927a0ad7b9a1eb072535aa3879ab
- SHA1
  
  989cc5e58c7f0de80d5dfcb0468b812192c4c3ef
- SHA256
  
  7ddbcb26b9c3afc287c094d534ee051f311c258db1c5d2082b384de4b2207c1a
- SHA512
  
  8474cae8e14037913c740a52628242bf434e315139d6d23626859c96beb06b497f024cb8ba3ad689d94cc2f8a23408cf09e3c2718ab29fd0053d379ca6bb99c4
- SSDEEP
  
  12288:tk6zJDIYsrXd0+tMt+sH2ept70Q93Fohby5KNK5u3z9HRI0WRooTalj8:tk6zJDIYs7dKH2ecQxgbpsyHRI049TaS
Score

10^/10

darkcomet latentbot guest16 evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

2

T1564

Hidden Files and Directories

2

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

LatentBot

Sets file to hidden

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2