darkcomet

General

Target

f1e4929865f60231ee7192d027ff818fa5c1df2338834580f6a61b63092f6904
Size

758KB
Sample

241218-h1rk9azncq
MD5

998fb47d01fba99cd7d3c895cd980fdf
SHA1

3db1e5543b1d18a88a3b59fc226bb8c12a110b35
SHA256

f1e4929865f60231ee7192d027ff818fa5c1df2338834580f6a61b63092f6904
SHA512

81135e73c9ccb0ec54197dda0f45a248fc7a2bc94b6adc5471e17f5ac1388a5928908b62b56a93fa11ed6ce9cd5d8bf5363f2078d2657eb0f7f616bc415eab89
SSDEEP

12288:OWRJAqE2AdhVhfTUOsSu45Tl1FjUlIeCs7CMbI1JPMTJ+Fb0HtIxYT7h:xR+q7Ar/fKS1p1FjUlIeCs7CMwCJGMvl

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

error404.no-ip.info:1604

something.no-ip.info:1604

error404.no-ip.info:3737

something404.no-ip.info:3737

Mutex

DC_MUTEX-55YMXAT

Attributes

gencode
WwVUfkcCarWy
install
false
offline_keylogger
true
password
bd0rk123
persistence
false

Targets

- Target
  
  f1e4929865f60231ee7192d027ff818fa5c1df2338834580f6a61b63092f6904
- Size
  
  758KB
- MD5
  
  998fb47d01fba99cd7d3c895cd980fdf
- SHA1
  
  3db1e5543b1d18a88a3b59fc226bb8c12a110b35
- SHA256
  
  f1e4929865f60231ee7192d027ff818fa5c1df2338834580f6a61b63092f6904
- SHA512
  
  81135e73c9ccb0ec54197dda0f45a248fc7a2bc94b6adc5471e17f5ac1388a5928908b62b56a93fa11ed6ce9cd5d8bf5363f2078d2657eb0f7f616bc415eab89
- SSDEEP
  
  12288:OWRJAqE2AdhVhfTUOsSu45Tl1FjUlIeCs7CMbI1JPMTJ+Fb0HtIxYT7h:xR+q7Ar/fKS1p1FjUlIeCs7CMwCJGMvl
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Darkcomet family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2