General

  • Target: 92c1a4e5f6ca780c8a0aeb4843d9db27ab9e4c3072c61ef075025ad69791df7a
  • Size: 690KB
  • Sample: 221003-tmpqaaebgr
  • MD5: 61339b811513f55e2d7940bbcb7c76b0
  • SHA1: 8a3dc3fb934d61d88b5edda445f5adfbed340b5e
  • SHA256: 92c1a4e5f6ca780c8a0aeb4843d9db27ab9e4c3072c61ef075025ad69791df7a
  • SHA512: f018324a83ff26c0c70cc9bd9c72ab6fbe3fb28e7a2b374ce5a5164e8e06a20fe885ff9793b3d85438f9378bb0dbc1ba6278d7c6599ccddd30552784e3ad97d1
  • SSDEEP: 12288:i9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFwG:OiBIGkbxqEcjsWiDxguehC2SI

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: dozor93.zapto.org:1604
  • Mutex: DC_MUTEX-JQT8VA7

Attributes

  • gencode: 6TxuXc2CcdHf
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    Score
    10/10
    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • System Information Discovery: T1082 (1)

Tasks