General

  • Target

    csgocheats.bin

  • Size

    251KB

  • Sample

    220716-nqlj5sbef3

  • MD5

    c005eb7f7944cbcd4d9d51ae29ef65d8

  • SHA1

    b242d76d29366b738f7b440f3eb605da0fbad953

  • SHA256

    42cadb98f1c11097d4225b2362e6401fe0f824a252f678cc56f7f8ccc3aa864a

  • SHA512

    7fabd9d0cf5f19ec5239e4ae26b4ab68ca39d422030760abd18ec2872c70da842c403f16b32efd262933e212bd4c91e2a0545f8cf93ef5739e10c5471a38a1b9

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

6.tcp.eu.ngrok.io:15880

6.tcp.eu.ngrok.io:1604

Mutex

DC_MUTEX-0RVKWFZ

Attributes
  • gencode

    Bb0ltx0SSKFL

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
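As an added example, not part of the Triage report or of the sample itself, the script below turns the extracted config values above (C2 entries, mutex, botnet ID) and the SHA256 from the General section into hunting artifacts: it splits and validates the host:port C2 entries, emits a Suricata DNS rule per C2 hostname, builds a YARA rule on the mutex and botnet strings, and probes a live Windows host for the mutex. The rule names, SID range and rule syntax are this example's own choices, not anything the report contains; the config dictionary is constructed from the values shown on this page.

```python
"""Hunting artifacts derived from the extracted DarkComet config on this page."""
import ctypes
import platform
from typing import Optional

# Copied from the "Malware Config / Extracted" and "General" sections of the report.
EXTRACTED_CONFIG = {
    "family": "darkcomet",
    "botnet": "Guest16",
    "c2": ["6.tcp.eu.ngrok.io:15880", "6.tcp.eu.ngrok.io:1604"],
    "mutex": "DC_MUTEX-0RVKWFZ",
    "gencode": "Bb0ltx0SSKFL",
    "install": False,
    "offline_keylogger": True,
    "persistence": False,
}
SHA256 = "42cadb98f1c11097d4225b2362e6401fe0f824a252f678cc56f7f8ccc3aa864a"


def parse_c2(entry: str) -> tuple[str, int]:
    """Split a 'host:port' C2 entry, rejecting a missing host or a bad port."""
    host, sep, port = entry.rpartition(":")
    if not sep or not host:
        raise ValueError(f"malformed C2 entry: {entry!r}")
    port_num = int(port)  # raises ValueError on a non-numeric port
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {entry!r}")
    return host, port_num


def c2_endpoints(config: dict) -> list[tuple[str, int]]:
    return [parse_c2(e) for e in config["c2"]]


def suricata_rules(config: dict, sid_base: int = 9000001) -> list[str]:
    """One DNS-query rule per unique C2 hostname.

    Both C2 entries point at an ngrok TCP tunnel. The resolved IP belongs to
    ngrok and is shared with other tunnels, so alert on the hostname lookup
    rather than on an address. sid_base is a made-up local SID range.
    """
    hosts = sorted({host for host, _ in c2_endpoints(config)})
    return [
        f'alert dns any any -> any any (msg:"DarkComet C2 DNS lookup {host}"; '
        f'dns.query; content:"{host}"; nocase; sid:{sid_base + i}; rev:1;)'
        for i, host in enumerate(hosts)
    ]


def yara_rule(config: dict, name: str = "DarkComet_Guest16_config") -> str:
    """Static rule on the mutex and botnet ID strings.

    The sample on disk is UPX packed (see the Targets section), so these
    strings are only visible in the unpacked PE or a process memory dump.
    """
    return "\n".join([
        f"rule {name} {{",
        "  strings:",
        f"    $mutex = \"{config['mutex']}\" ascii wide",
        f"    $botnet = \"{config['botnet']}\" ascii wide",
        "  condition:",
        "    uint16(0) == 0x5A4D and all of them",
        "}",
    ])


def mutex_present(name: str) -> Optional[bool]:
    """Check a live Windows host for the DarkComet mutex; None off Windows.

    OpenMutexW fails with ERROR_ACCESS_DENIED when the mutex exists but is
    owned by another user's process, so only ERROR_FILE_NOT_FOUND means absent.
    """
    if platform.system() != "Windows":
        return None
    SYNCHRONIZE = 0x00100000
    ERROR_FILE_NOT_FOUND = 2
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenMutexW.restype = ctypes.c_void_p
    k32.OpenMutexW.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_wchar_p]
    handle = k32.OpenMutexW(SYNCHRONIZE, False, name)
    if handle:
        k32.CloseHandle(ctypes.c_void_p(handle))
        return True
    return ctypes.get_last_error() != ERROR_FILE_NOT_FOUND


if __name__ == "__main__":
    print("sha256:", SHA256)
    for host, port in c2_endpoints(EXTRACTED_CONFIG):
        print("c2:", host, port)
    print("\n".join(suricata_rules(EXTRACTED_CONFIG)))
    print(yara_rule(EXTRACTED_CONFIG))
    print("mutex present:", mutex_present(EXTRACTED_CONFIG["mutex"]))
```

Because install and persistence are both false in this config, a positive mutex check indicates the RAT is running in the current session rather than installed; a reboot clears it, so capture the process and its network connections before that happens.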

Targets

    • Target

      csgocheats.bin

    • Size

      251KB

    • MD5

      c005eb7f7944cbcd4d9d51ae29ef65d8

    • SHA1

      b242d76d29366b738f7b440f3eb605da0fbad953

    • SHA256

      42cadb98f1c11097d4225b2362e6401fe0f824a252f678cc56f7f8ccc3aa864a

    • SHA512

      7fabd9d0cf5f19ec5239e4ae26b4ab68ca39d422030760abd18ec2872c70da842c403f16b32efd262933e212bd4c91e2a0545f8cf93ef5739e10c5471a38a1b9

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • suricata: ET MALWARE Backdoor.Win32.DarkComet Screenshot Upload Successful

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082): 1 signature

Tasks