General

  • Target

    1e23a8c32750549cce7c07c6d2f657b8bf3d4d818553ca82086aca3964e88e89

  • Size

    853KB

  • Sample

    221003-njczesdfd3

  • MD5

    695c32bacd35691dd28286e75ec7afb0

  • SHA1

    a96d0dad6b5f1100c286895df5565cdb9404ff21

  • SHA256

    1e23a8c32750549cce7c07c6d2f657b8bf3d4d818553ca82086aca3964e88e89

  • SHA512

    328073e5d79987df9614ce3ead88a5b35194290e89aa5d34ba4081f32df51652691d18f8a4fa5fd624898eca1c20dfc7978d4a1522a3727971475e69e396d6ab

  • SSDEEP

    24576:UL4wOheqn4XpUoTrKoO3J7p/1nrXG7p/on6HehNHLz:lwOaUwrKog7ptXvndhNrz

Malware Config

Extracted

Family

darkcomet

Botnet

Vittima

C2

xblitz.no-ip.biz:1604

Mutex

DC_MUTEX-1L07FZZ

Attributes

  • gencode

    20p7fMDkycyd

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      1e23a8c32750549cce7c07c6d2f657b8bf3d4d818553ca82086aca3964e88e89

    • Size

      853KB

    • MD5

      695c32bacd35691dd28286e75ec7afb0

    • SHA1

      a96d0dad6b5f1100c286895df5565cdb9404ff21

    • SHA256

      1e23a8c32750549cce7c07c6d2f657b8bf3d4d818553ca82086aca3964e88e89

    • SHA512

      328073e5d79987df9614ce3ead88a5b35194290e89aa5d34ba4081f32df51652691d18f8a4fa5fd624898eca1c20dfc7978d4a1522a3727971475e69e396d6ab

    • SSDEEP

      24576:UL4wOheqn4XpUoTrKoO3J7p/1nrXG7p/on6HehNHLz:lwOaUwrKog7ptXvndhNrz

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks