darkcomet | 976274b2077d177d6801b3eadb1120baf7e6f571c31be97efc0030fd3abc34f5 | Triage

Sharing

General

Target

976274b2077d177d6801b3eadb1120baf7e6f571c31be97efc0030fd3abc34f5N
Size

682KB
Sample

241110-g3gnds1gpf
MD5

00457cb0aca1036a1a597ad1ff009030
SHA1

56f660e5de3a32ba00da9a7873582bdcb8d35eab
SHA256

976274b2077d177d6801b3eadb1120baf7e6f571c31be97efc0030fd3abc34f5
SHA512

e9c6c564b584e5675ad34c9664214f5d017dee89ca40f4d5d15480596415d04b82c300b68a94075b51d1c91a3d07acfc72036f7b93cf7b196647a25cf37984f6
SSDEEP

12288:PskfnppoV3zdSnY0j1AgZOhcpP57+N38dO2H2+2C/JkdF4UWQ:PsQroUYezpPl+Z8dzH2kJc/WQ

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:4444

Mutex

DC_MUTEX-VZJARUA

Attributes

gencode
m68Z2CkTBGc3
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  976274b2077d177d6801b3eadb1120baf7e6f571c31be97efc0030fd3abc34f5N
- Size
  
  682KB
- MD5
  
  00457cb0aca1036a1a597ad1ff009030
- SHA1
  
  56f660e5de3a32ba00da9a7873582bdcb8d35eab
- SHA256
  
  976274b2077d177d6801b3eadb1120baf7e6f571c31be97efc0030fd3abc34f5
- SHA512
  
  e9c6c564b584e5675ad34c9664214f5d017dee89ca40f4d5d15480596415d04b82c300b68a94075b51d1c91a3d07acfc72036f7b93cf7b196647a25cf37984f6
- SSDEEP
  
  12288:PskfnppoV3zdSnY0j1AgZOhcpP57+N38dO2H2+2C/JkdF4UWQ:PsQroUYezpPl+Z8dzH2kJc/WQ
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryrattrojan

behavioral2

darkcometguest16discoveryrattrojan