darkcomet | 5ba8aacca9daae5b7b75e37803b4d5e97e47e74dc5c4da9c30bb26d4475406f3 | Triage

Submit
Reports

Overview

overview

Static

static

SMSS.exe

windows7-x64

Sharing

General

Target

SMSS.exe
Size

660KB
Sample

240621-nk6m5a1gnj
MD5

00206f07fc94f210e88c9f350ec6ad05
SHA1

c6c14a5a3ec8aea3d9362815ae952aeb1ecfb69f
SHA256

5ba8aacca9daae5b7b75e37803b4d5e97e47e74dc5c4da9c30bb26d4475406f3
SHA512

bd0e711b264944804533735c102ae6cbd46efe4d8c347ca6d8b9cd8f44c5681633f7c525ba9e3d8fb5acfa75897e3ceccdf44a48b1b480b991840973b1a40409
SSDEEP

12288:QXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452U5:2nAw2WWeFcfbP9VPSPMTSPL/rWvzq4JJ

Score

10^/10

darkcomet guest16 rat trojan

Static task

static1

guest16 darkcomet

2 signatures

Behavioral task

behavioral1

Sample

SMSS.exe

Resource

win7-20231129-en

darkcomet guest16 rat trojan

windows7-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

carolina-reverse.gl.at.ply.gg:34609

Mutex

DC_MUTEX-FE4QJR8

Attributes

gencode
Tl1Q3ZoMGV1p
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  SMSS.exe
- Size
  
  660KB
- MD5
  
  00206f07fc94f210e88c9f350ec6ad05
- SHA1
  
  c6c14a5a3ec8aea3d9362815ae952aeb1ecfb69f
- SHA256
  
  5ba8aacca9daae5b7b75e37803b4d5e97e47e74dc5c4da9c30bb26d4475406f3
- SHA512
  
  bd0e711b264944804533735c102ae6cbd46efe4d8c347ca6d8b9cd8f44c5681633f7c525ba9e3d8fb5acfa75897e3ceccdf44a48b1b480b991840973b1a40409
- SSDEEP
  
  12288:QXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452U5:2nAw2WWeFcfbP9VPSPMTSPL/rWvzq4JJ
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16rattrojan

© 2018-2024

Terms | Privacy