darkcomet | c72c56173d33ed545fb241cd7716f472caeaf6d6a0665a7ea47b8f7cfc2825a4 | Triage

Sharing

General

Target

Loader.exe
Size

2.2MB
Sample

240403-lhm2wsbe7s
MD5

503438b2096445ce42c1e2674dfe8a00
SHA1

361c70fdde5db742528b98c11844bc6c3a57c509
SHA256

c72c56173d33ed545fb241cd7716f472caeaf6d6a0665a7ea47b8f7cfc2825a4
SHA512

15110fc3cdb634a0e903409e234a298d0b0ae268849c1a0631639b8f51b181c6ebdd0020174eeec973c15cddcba7fa41086cc3bc553c44b267fe52618898f371
SSDEEP

49152:JQDgok309y68bIO5YbCsKm8uVxHTt+n/CknSDwAOV3R:JQU/768lY2mzEn/HH3R

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

23.27.245.112:443

Mutex

DC_MUTEX-5QM7EF3

Attributes

gencode
mYBun8KemGvU
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  Loader.exe
- Size
  
  2.2MB
- MD5
  
  503438b2096445ce42c1e2674dfe8a00
- SHA1
  
  361c70fdde5db742528b98c11844bc6c3a57c509
- SHA256
  
  c72c56173d33ed545fb241cd7716f472caeaf6d6a0665a7ea47b8f7cfc2825a4
- SHA512
  
  15110fc3cdb634a0e903409e234a298d0b0ae268849c1a0631639b8f51b181c6ebdd0020174eeec973c15cddcba7fa41086cc3bc553c44b267fe52618898f371
- SSDEEP
  
  49152:JQDgok309y68bIO5YbCsKm8uVxHTt+n/CknSDwAOV3R:JQU/768lY2mzEn/HH3R
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16rattrojan