General

  • Target: d31854521a26ec029c75885a002ca535675b1b4beb16afa9ecd2b7a88b2b8800
  • Size: 251KB
  • Sample: 220725-drczaacda9
  • MD5: 0f61bb927aa4035520e860a85530a50f
  • SHA1: 9c2a603aef62eee3a1e72f3995601c65e2d78006
  • SHA256: d31854521a26ec029c75885a002ca535675b1b4beb16afa9ecd2b7a88b2b8800
  • SHA512: cab2f1edfdfa93688789aa21b5c1150b50b15460bf7ef2ac23d972802f3ae800a2fac431e5973f2d5870ec6563a94434e21ccd74fb4776b7249c51995deece5e

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2:
    galdar.ddns.net:81
    galdar.ddns.net:1604
    192.168.0.102:1604
    192.168.0.102:81
  • Mutex: DC_MUTEX-1PDNHCJ
  • Attributes:
    gencode: YJaw41lPsyCc
    install: false
    offline_keylogger: true
    persistence: false

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: System Information Discovery, T1082 (1)

Tasks