General

  • Target: 8acd0f755534245e1f4b90078d9304def24f508c4841f02fe8fc291164208d63
  • Size: 748KB
  • Sample: 221003-tmlzdsebgp
  • MD5: 6cbc08eaa988d92cfcfb7cd102c97e00
  • SHA1: cfd8ba1eaa080edfc1ef46b8b27e445225d33c63
  • SHA256: 8acd0f755534245e1f4b90078d9304def24f508c4841f02fe8fc291164208d63
  • SHA512: 7e27ec2e66d4fb6fc838ce62f42a7ce473f3b6051f0465b0a5bfaae974f525812a512edf4ed35d69ba74b883448abaf8984ae30e902f6c0cec7d78a08265aa2c
  • SSDEEP: 12288:D5B1ylHxSSr9hOUlTV4/5FNYwn8HSUnV+htx0RKPy7ZJXG3pA8GJ8rXlmD:D5G9xXnPlR25Fmw8yPhn0Yy7W3u8GJ8m

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: 127.0.0.1:81
  • Mutex: DC_MUTEX-N6ZMQNK

Attributes

  • gencode: ipwHAlMutlC9
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext
