darkcomet | cfafe94ee2d344f17530460a47bd82179bae9191412ad80977880c8546da5320 | Triage

Sharing

General

Target

cfafe94ee2d344f17530460a47bd82179bae9191412ad80977880c8546da5320
Size

1.5MB
Sample

240703-dnt4dsyell
MD5

e331d2622fe24937befafb7ac1e0eab6
SHA1

387d7b4362655cdab0ad054c0ffbfd2e2e1f55c0
SHA256

cfafe94ee2d344f17530460a47bd82179bae9191412ad80977880c8546da5320
SHA512

4b8da6f9ff3a65cc204dd4123ad5c3c96511601b6bb4193c954b3156cc22ece3989009b0c7df8254306a6ac08104237069b08c40cd35c62e1274b3943070f424
SSDEEP

24576:4RmJkcoQricOIQxiZY1iaUdan6KOXh3kw6HMdUxzE/vSjGymqi:9JZoQrbTFZY1iaUdMOWsSqvAGyw

Score

10^/10

darkcomet guest16 rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

chesternam.no-ip.org:1500

chesternam.no-ip.org:1604

Mutex

DC_MUTEX-0ZBLGE9

Attributes

gencode
W7ptmemeRVqh
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  cfafe94ee2d344f17530460a47bd82179bae9191412ad80977880c8546da5320
- Size
  
  1.5MB
- MD5
  
  e331d2622fe24937befafb7ac1e0eab6
- SHA1
  
  387d7b4362655cdab0ad054c0ffbfd2e2e1f55c0
- SHA256
  
  cfafe94ee2d344f17530460a47bd82179bae9191412ad80977880c8546da5320
- SHA512
  
  4b8da6f9ff3a65cc204dd4123ad5c3c96511601b6bb4193c954b3156cc22ece3989009b0c7df8254306a6ac08104237069b08c40cd35c62e1274b3943070f424
- SSDEEP
  
  24576:4RmJkcoQricOIQxiZY1iaUdan6KOXh3kw6HMdUxzE/vSjGymqi:9JZoQrbTFZY1iaUdMOWsSqvAGyw
Score

10^/10

darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometguest16rattrojan

behavioral2

darkcometguest16rattrojan