darkcomet | 81733c92d498d0c739c3bd57be31c15d477625d965a47c7269fe5424cf21e84c | Triage

Sharing

General

Target

81733c92d498d0c739c3bd57be31c15d477625d965a47c7269fe5424cf21e84c
Size

338KB
Sample

241104-xf9zeswall
MD5

c3057e215f8f3fe61e91970ba0518f80
SHA1

228e7c74ac9cf17fd44c9da5ee92fc08a67d024c
SHA256

81733c92d498d0c739c3bd57be31c15d477625d965a47c7269fe5424cf21e84c
SHA512

49e6864c5bb04f3b96b49d0b4f5807e6e91aeb05f1c3efa853984e9f0c0673b22e5eaec8ce99891f5d07258c9d244a65a6dce5a4f955136c8a1364eb36c23e6e
SSDEEP

6144:P3XKOSWJP9VLbkKx7byNlVn0DA1eBYA7ElA5OE3SrAitWJg+98mhQVwl:P0WHVLbx5ynt2A4ale/oWqMhQql

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-Z13B80M

Attributes

gencode
AHMTw3fm3YQK
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  f991fb7adaf38468117ff3233d7032b28eebd8784c51533b1689c8d32df6d136.exe
- Size
  
  658KB
- MD5
  
  d5a56cf6e813da13cd4cced586550c93
- SHA1
  
  535ddef02410cf08daf646ef8eeb389a76f61118
- SHA256
  
  f991fb7adaf38468117ff3233d7032b28eebd8784c51533b1689c8d32df6d136
- SHA512
  
  9c0f8dc8946216f65451576c50df25642a6be77c5026503f93404e3855939bfb8c9b14421a139bc06bae56bd239a165aa6b4cde01633f9933cebc5af5bb7c1c8
- SSDEEP
  
  12288:q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hL:mZ1xuVVjfFoynPaVBUR8f+kN10EBJ
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan