darkcomet | 0d6f5f653c1d3d01558c3274f80be2e97019011cc853e86c9cb8babc3cd77e2c | Triage

Sharing

General

Target

0d6f5f653c1d3d01558c3274f80be2e97019011cc853e86c9cb8babc3cd77e2c
Size

1.0MB
Sample

250106-ynr91syjam
MD5

03e914b995edb22333a349c9e0bf03b3
SHA1

b4c869b2ef72cfd5191ffd9715468b275969828a
SHA256

0d6f5f653c1d3d01558c3274f80be2e97019011cc853e86c9cb8babc3cd77e2c
SHA512

b5c2061697dbc0953a8783390e1dc0b9bc886dabb88af72ec6bc93a097689892b5e851ed6c3c5e804555377086cf5553abe4f42cb1b5c2da485e21f5c8a24e45
SSDEEP

24576:Dmk5lx23SxfyPkGxi3sjd/Zi6MA3FjW8:3KPM3sjdvMAdz

Score

10^/10

darkcomet guest16 discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-0K9EJY2

Attributes

gencode
VNnQR4RFrmUu
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  0d6f5f653c1d3d01558c3274f80be2e97019011cc853e86c9cb8babc3cd77e2c
- Size
  
  1.0MB
- MD5
  
  03e914b995edb22333a349c9e0bf03b3
- SHA1
  
  b4c869b2ef72cfd5191ffd9715468b275969828a
- SHA256
  
  0d6f5f653c1d3d01558c3274f80be2e97019011cc853e86c9cb8babc3cd77e2c
- SHA512
  
  b5c2061697dbc0953a8783390e1dc0b9bc886dabb88af72ec6bc93a097689892b5e851ed6c3c5e804555377086cf5553abe4f42cb1b5c2da485e21f5c8a24e45
- SSDEEP
  
  24576:Dmk5lx23SxfyPkGxi3sjd/Zi6MA3FjW8:3KPM3sjdvMAdz
Score

10^/10

darkcomet guest16 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkcometguest16discoveryrattrojan