General

  • Target

    5071a3295190cab6a24b7dabf102b23a428edd29edcafb6aa7771ebbcf43e055

  • Size

    458KB

  • Sample

    221003-njf13sdgcm

  • MD5

    6a5d8097cc92366744460cf759bbee60

  • SHA1

    425a7788b483e87a51f4a0c77338db34e437d0f7

  • SHA256

    5071a3295190cab6a24b7dabf102b23a428edd29edcafb6aa7771ebbcf43e055

  • SHA512

    b01cab9bb7c4488e662bfe44c75678c07aba5f03e7e18b1fe9fbb9bb592fa02a0ada88429c2d37f2447b244c72e1c38c2eb274226b05ad02e92f657609dcb200

  • SSDEEP

    12288:Ji0GDchCNXKqRDyC7SZJRgQOEwMMMMMMZg:Ji0GDccxkES/pOTMMMMMMS

Malware Config

Extracted

Family

darkcomet

Botnet

ItunesSync10

C2

securityservice.sytes.net:89

Mutex

DC_MUTEX-Q02E8M5

Attributes

  • gencode

    CYEhKDMXoEXN

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
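The extracted configuration is mostly useful as hunting material. The following is an added example, not code from the report or from the sandbox: it turns the C2 and mutex values listed above into IOCs and runs them over constructed host telemetry. The event schema (`kind`, `name`, `query`, `host`, `port`) and the sample events are assumptions made for the example.

```python
"""Use the DarkComet config above as IOCs over host telemetry.

Added example (not from the report or the sandbox). The config values are
copied from the Malware Config section; the event records and their field
names (kind, name, query, host, port) are constructed/assumed here.
"""
from __future__ import annotations

EXTRACTED_CONFIG = {
    "family": "darkcomet",
    "botnet": "ItunesSync10",
    "c2": "securityservice.sytes.net:89",
    "mutex": "DC_MUTEX-Q02E8M5",
    "gencode": "CYEhKDMXoEXN",
}


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' into (lower-cased host, port)."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"C2 value has no numeric port: {c2!r}")
    return host.lower(), int(port)


def iocs_from_config(cfg: dict) -> dict:
    """Reduce the config to the values that are observable on a host."""
    host, port = parse_c2(cfg["c2"])
    return {"c2_host": host, "c2_port": port, "mutex": cfg["mutex"]}


def match_events(events: list[dict], iocs: dict) -> list[tuple[int, str]]:
    """Return (event index, reason) for each event that hits an IOC.

    Assumed event kinds: 'mutex' {name}, 'dns' {query}, 'connect' {host, port}.
    Host comparison is case-insensitive and ignores a trailing dot; the mutex
    is compared exactly because the DC_MUTEX value is fixed per build. A bare
    port-89 connection is not flagged on its own: the port is too generic.
    """
    hits: list[tuple[int, str]] = []
    for i, ev in enumerate(events):
        kind = ev.get("kind")
        if kind == "mutex" and ev.get("name") == iocs["mutex"]:
            hits.append((i, f"mutex {iocs['mutex']}"))
        elif kind == "dns":
            q = str(ev.get("query", "")).lower().rstrip(".")
            if q == iocs["c2_host"]:
                hits.append((i, f"dns {q}"))
        elif kind == "connect":
            h = str(ev.get("host", "")).lower().rstrip(".")
            if h == iocs["c2_host"]:
                p = ev.get("port")
                extra = "" if p == iocs["c2_port"] else f" (unexpected port {p})"
                hits.append((i, f"connect {h}:{p}{extra}"))
    return hits


# Constructed sample telemetry, not from the sandbox run.
SAMPLE_EVENTS = [
    {"kind": "mutex", "name": "Global\\WindowsUpdateLock"},
    {"kind": "mutex", "name": "DC_MUTEX-Q02E8M5"},
    {"kind": "dns", "query": "SecurityService.sytes.net."},
    {"kind": "connect", "host": "securityservice.sytes.net", "port": 89},
    {"kind": "connect", "host": "example.com", "port": 89},
]

if __name__ == "__main__":
    for idx, why in match_events(SAMPLE_EVENTS, iocs_from_config(EXTRACTED_CONFIG)):
        print(f"event {idx}: {why}")
```

The botnet id and gencode identify the build but do not show up in host telemetry, so they stay in the config record rather than in the IOC set; a dynamic-DNS C2 host like this one is worth matching on the name rather than on whatever IP it resolved to during the run.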

Targets

    • Target

      5071a3295190cab6a24b7dabf102b23a428edd29edcafb6aa7771ebbcf43e055

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process, typically after creating that process suspended and writing a payload into it, is the process-hollowing (RunPE) pattern, which is why the sandbox flags this call.
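Both generic signatures above can be reproduced from raw artifacts. The following is an added example, not the sandbox's own signature logic: a minimal PE section-table walk for the UPX check, and an ordered API-sequence check for the hollowing pattern behind the SetThreadContext flag. The PE buffer, the trace format and every pid/tid in it are constructed for the example.

```python
"""Re-derive the two generic signatures above from raw artifacts.

Added example, not the sandbox's own signature code. The PE bytes and the API
trace are constructed here so it runs offline; real input would be the sample
file and a hook/ETW trace of the process.
"""
import struct

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit used by CreateProcess


def pe_section_names(data: bytes) -> list[str]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no DOS header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    table = pe + 24 + opt_size                              # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsect):
        raw = data[table + 40 * i: table + 40 * i + 8]      # Name[8], NUL padded
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX leaves UPX0/UPX1 sections; forks that rename them usually
    keep the 'UPX!' loader marker, so check both."""
    names = pe_section_names(data)
    return any(n.startswith("UPX") for n in names) or b"UPX!" in data


def hollowing_sequence(trace: list[tuple[str, dict]]) -> bool:
    """True when a child is created suspended and then, in order, written to,
    given a new thread context and resumed: the RunPE / process-hollowing
    pattern behind the SetThreadContext signature. Trace entries are assumed
    to be (api_name, {"pid": ..., "flags": ...}) tuples."""
    for i, (api, args) in enumerate(trace):
        if api != "CreateProcess" or not args.get("flags", 0) & CREATE_SUSPENDED:
            continue
        child = args.get("pid")
        remaining = iter(["WriteProcessMemory", "SetThreadContext", "ResumeThread"])
        need = next(remaining)
        for api2, args2 in trace[i + 1:]:
            if api2 == need and args2.get("pid") == child:
                need = next(remaining, None)
                if need is None:
                    return True
    return False


def build_pe(section_names: list[str]) -> bytes:
    """Constructed minimal PE-shaped buffer (headers and a section table only)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table


# Constructed API trace of a hollowing stub; pids/tids are arbitrary.
HOLLOW_TRACE = [
    ("CreateProcess", {"image": "svchost.exe", "flags": CREATE_SUSPENDED, "pid": 4120}),
    ("NtUnmapViewOfSection", {"pid": 4120}),
    ("WriteProcessMemory", {"pid": 4120, "size": 0x71000}),
    ("SetThreadContext", {"pid": 4120, "tid": 4124}),
    ("ResumeThread", {"pid": 4120, "tid": 4124}),
]
# Constructed benign trace: child started normally, context never touched.
BENIGN_TRACE = [
    ("CreateProcess", {"image": "notepad.exe", "flags": 0, "pid": 5000}),
    ("WaitForSingleObject", {"pid": 5000}),
]

if __name__ == "__main__":
    print("upx:", looks_upx_packed(build_pe(["UPX0", "UPX1", ".rsrc"])))
    print("hollowing:", hollowing_sequence(HOLLOW_TRACE))
```

Requiring the child to have been created with CREATE_SUSPENDED and tying every later call to that child's pid keeps debuggers and thread-injection tooling that touch their own threads out of the hit set; the section-name check alone will miss a packer that renames its sections and strips the marker, which is why a sandbox pairs it with the runtime behaviour flags.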
