General

  • Target

    a01097d70197391ad6ec307f0f91b5562826c3a719df9f5f9d24887c6b70f79c

  • Size

    251KB

  • Sample

    221014-l2z6kaadd9

  • MD5

    4c5edf1a31eeb64ee48f0159d9d98fb0

  • SHA1

    2f7bac6ca8d7b1cf65b6917d2b8b4b17ae25f62b

  • SHA256

    a01097d70197391ad6ec307f0f91b5562826c3a719df9f5f9d24887c6b70f79c

  • SHA512

    6bbb3c7a119f6b38deb2d2f25d770f26b49f02a9f69a5318bdc5739ae9c8295a822580bc6b9e3e58ca464ffb5dcdac8c9a9ca82768064b0d5fd282c3d608f1f6

  • SSDEEP

    6144:fcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37+:fcW7KEZlPzCy37

Malware Config

Extracted

Family

darkcomet

Botnet

johy

C2

johnybooy.no-ip.biz:1604

Mutex

DC_MUTEX-UTSMXUR

Attributes

  • gencode

    P0LMN55KUSk7

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks