darkcomet | ee15762a407865e6821e3aac29f7089decaa56cb686231c865ff38b232b5fb90 | Triage

Sharing

General

Target

ee15762a407865e6821e3aac29f7089decaa56cb686231c865ff38b232b5fb90.exe
Size

729KB
Sample

241231-k4tk5atkht
MD5

3536d9f2f4a8beeb9d007be416c65cfe
SHA1

0f3ea40b9cd650ace901a6db5e1e1ed3d8845dda
SHA256

ee15762a407865e6821e3aac29f7089decaa56cb686231c865ff38b232b5fb90
SHA512

70c50e4be36f8ba4d145496825d903561a9bfa54fb7154a74a8c8fa1fd634dff8a7a4acbb83e52781d044efc13ab1974d3ae3482455d6074a943bfd8969a530e
SSDEEP

12288:uLU768X1JnK+62pn/XTBeB5vpAPN5DFY+4zSsva0beWTr+YzZNQPUFhpd4oSYxlp:z68PK+BNg9GY+4pbaYNNQIpdZSgp

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Targets

- Target
  
  ee15762a407865e6821e3aac29f7089decaa56cb686231c865ff38b232b5fb90.exe
- Size
  
  729KB
- MD5
  
  3536d9f2f4a8beeb9d007be416c65cfe
- SHA1
  
  0f3ea40b9cd650ace901a6db5e1e1ed3d8845dda
- SHA256
  
  ee15762a407865e6821e3aac29f7089decaa56cb686231c865ff38b232b5fb90
- SHA512
  
  70c50e4be36f8ba4d145496825d903561a9bfa54fb7154a74a8c8fa1fd634dff8a7a4acbb83e52781d044efc13ab1974d3ae3482455d6074a943bfd8969a530e
- SSDEEP
  
  12288:uLU768X1JnK+62pn/XTBeB5vpAPN5DFY+4zSsva0beWTr+YzZNQPUFhpd4oSYxlp:z68PK+BNg9GY+4pbaYNNQIpdZSgp
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometdiscoveryrattrojan