General

  • Target

    0e88801eda127156d4c54457ebf6e283c46c2f3f9afe001c20820afb27a1a925

  • Size

    658KB

  • Sample

    221011-k9s7jsfgb8

  • MD5

    56964a965da08db5ee1b7fe60d4cff33

  • SHA1

    268afb89b0efbd938ccd87a372e890df1ab99383

  • SHA256

    0e88801eda127156d4c54457ebf6e283c46c2f3f9afe001c20820afb27a1a925

  • SHA512

    455bc090271e7792a32b831d3a964c73b45af3a651912aed8ce55066454d4302d62fb5773fe1eba24602d48f02d12c422181b528cb955a096c98656b308a82f0

  • SSDEEP

    12288:i9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h0:OZ1xuVVjfFoynPaVBUR8f+kN10EBy

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

exe

C2

amsrafik.no-ip.biz:1604

Mutex

DC_MUTEX-RXHBBQD

Attributes
  • gencode

    QeWYnQnEyjw2

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks