General

  • Target

    cd245c1251bfc72f419fb7c83060a3a9efbbec3fafa929fb9c80dcc6f92aad5e

  • Size

    828KB

  • Sample

    221011-lamq6afgd9

  • MD5

    4eca7e02253026af943145c91b074ea0

  • SHA1

    9b1393f8a3af0d3efb0f63827395b760b8f7f9e8

  • SHA256

    cd245c1251bfc72f419fb7c83060a3a9efbbec3fafa929fb9c80dcc6f92aad5e

  • SHA512

    0318eeb6930f7e4c6ddac704df17c505e93390565494d3f859c736f8cdfb1cc48280e6fc9e7737d76485383d569b70944f36e8146f7942484884e3e6e369c21e

  • SSDEEP

    24576:Bj6xg4xM2lWBBtwtnCDnlm8E34+mnmgSRbnn:B2x9SrBtwnCRm8EAmgwn

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    127.0.0.1:1604

  • Mutex

    DC_MUTEX-56W4JDA

Attributes

  • gencode

    M7P3tLX5ydih

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks