General

  • Target: 3343ad55f0b9e8f7e70fba5ef5568d28a4b157d649138cd1499c357df8a8e5f0
  • Size: 948KB
  • Sample: 221011-lfvzqagba5
  • MD5: 7732d909b72f1deed873c243a1996d9e
  • SHA1: 4f48468a5f0c8a4fe5d1d4cd7c79af261cd3bd10
  • SHA256: 3343ad55f0b9e8f7e70fba5ef5568d28a4b157d649138cd1499c357df8a8e5f0
  • SHA512: fa2a92fff9422c81a5c39456e508af492358209952b4d28439f0d9683bd4e16f9a4c77d875f1f05c12253aa14c700668ff9259462b461d108e90c758275012f3
  • SSDEEP: 24576:G8PqPZXFIqhItlqTDqdIyxsGGsl5RXguOG/:v0ZFdwfr5Hu

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: emptyblackstare.no-ip.biz:1604
  • Mutex: DC_MUTEX-CM0HLD6
  • Attributes
      • gencode: 6NrbynrX1yDz
      • install: false
      • offline_keylogger: false
      • persistence: false

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Executes dropped EXE
    • UPX packed file: Detects executables packed with the UPX open-source packer or a modified UPX.
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks