General

  • Target

    b80454183ad2b89b7ba1eed661400a3f038e04bff4e28392a23f11a9ddca2fd7

  • Size

    567KB

  • Sample

    221019-1q5dgaaba7

  • MD5

    90cf89f89603fd9f771ced696e8234ae

  • SHA1

    1d04e52ecbc434f787aa83831ca35d3db62349f8

  • SHA256

    b80454183ad2b89b7ba1eed661400a3f038e04bff4e28392a23f11a9ddca2fd7

  • SHA512

    ab1477cbb9eebed236665b16e81a68aec76ba6fb4a8d53e832cc0c95fdae5f5a296efd5c94738264692faf7deafd2b78ababed36da184f43acd1641ab90b8758

  • SSDEEP

    12288:elyft7ITonzpfb94yjpYIPWsbNKNsH8A4pQY5MO62Tupc:eAftnzpb9dpYKWUKNs+pQ5O6Yupc

Malware Config

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

Extracted

Family

darkcomet

Botnet

Guest16

C2

192.168.1.10:1604

Mutex

DC_MUTEX-AN26JS6

Attributes
  • gencode

    UvReUG8FR4Qf

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
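The second extracted config above (botnet Guest16, C2 192.168.1.10:1604, mutex DC_MUTEX-AN26JS6) is what a practitioner acts on, so here is a worked example of how such a config is recovered and read. This is an added example for this report, not the sandbox's own extractor and not DarkComet code. It assumes, as is generally reported for DarkComet, that the builder stores its settings RC4-encrypted with the 5.x key "#KCMDDC51#-890" as KEY={VALUE} lines (NETDATA, SID, MUTEX, GENCODE, INSTALL, OFFLINEK, PERSINST); the blob is constructed inline from the report's values rather than carved from the sample, and the exact hex/line framing of a real resource differs between builder versions. The triage step adds what the report leaves implicit: the C2 is an RFC 1918 address, and 1604 and Guest16 are the builder defaults.

```python
"""Decrypt and parse a DarkComet-style configuration blob, then triage it.

Added example for this report; it is not the sandbox's extractor and not
DarkComet's own code.  Assumptions: DarkComet keeps its builder config in an
RC4-encrypted resource, the 5.x builder key is "#KCMDDC51#-890", and the
plaintext is KEY={VALUE} lines (NETDATA, SID, MUTEX, GENCODE, INSTALL,
OFFLINEK, PERSINST).  The blob below is constructed here from the values the
report extracted; the framing of a real resource varies by version.
"""
import ipaddress
import re
from typing import Dict, List

RC4_KEY = b"#KCMDDC51#-890"   # assumed DarkComet 5.1 config key
DEFAULT_PORT = 1604           # DarkComet builder default port
DEFAULT_CAMPAIGN = "Guest16"  # DarkComet builder default campaign ID (SID)

# Config keys as found in the decrypted resource -> attribute names used in the report
FIELD_MAP = {
    "SID": "botnet",
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PERSINST": "persistence",
}
BOOL_FIELDS = {"install", "offline_keylogger", "persistence"}
LINE_RE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


# Constructed plaintext mirroring the second extracted config in the report.
SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-AN26JS6}\r\n"
    "SID={Guest16}\r\n"
    "NETDATA={192.168.1.10:1604}\r\n"
    "GENCODE={UvReUG8FR4Qf}\r\n"
    "INSTALL={0}\r\n"
    "OFFLINEK={1}\r\n"
    "PERSINST={0}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
SAMPLE_BLOB = rc4(RC4_KEY, SAMPLE_PLAINTEXT.encode())


def parse_config(blob: bytes, key: bytes = RC4_KEY) -> Dict[str, object]:
    """Decrypt a config blob and map it onto the report's attribute names."""
    text = rc4(key, blob).decode("latin-1")
    if "DARKCOMET DATA" not in text:
        raise ValueError("no DarkComet config marker: wrong key or not a config")
    cfg: Dict[str, object] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name = FIELD_MAP.get(m.group(1))
        if name is None:
            continue  # keys this example does not model
        value = m.group(2)
        cfg[name] = (value == "1") if name in BOOL_FIELDS else value
    return cfg


def triage(cfg: Dict[str, object]) -> List[str]:
    """Turn an extracted config into analyst notes (builder defaults, lab C2, no persistence)."""
    notes: List[str] = []
    c2 = str(cfg.get("c2", ""))
    if not c2:
        return ["no C2 in config: extraction incomplete"]
    host, _, port = c2.rpartition(":")
    try:
        ip = ipaddress.ip_address(host)
        if ip.is_private or ip.is_loopback:
            notes.append(f"C2 {host} is non-routable: lab/test build, not a live campaign")
    except ValueError:
        notes.append(f"C2 host {host!r} is a name, not an IP: resolve it before blocking")
    if port.isdigit() and int(port) == DEFAULT_PORT:
        notes.append(f"C2 port {port} is the DarkComet builder default")
    if cfg.get("botnet") == DEFAULT_CAMPAIGN:
        notes.append(f"campaign ID {DEFAULT_CAMPAIGN} is the builder default")
    if not str(cfg.get("mutex", "")).startswith("DC_MUTEX-"):
        notes.append("mutex lacks the DC_MUTEX- prefix: re-check the extraction")
    if not cfg.get("install") and not cfg.get("persistence"):
        notes.append("install and persistence are off: runs in place, look for a dropper or loader")
    return notes


if __name__ == "__main__":
    extracted = parse_config(SAMPLE_BLOB)
    for k, v in extracted.items():
        print(f"{k:18} {v}")
    for note in triage(extracted):
        print("-", note)
```

Run against the constructed blob, parse_config returns exactly the seven attributes the report lists, and triage flags the private C2, the default port and campaign ID, and the absence of install/persistence, which together say this build was made for a local test rather than a real campaign and that any in-the-wild copy will arrive via a separate dropper.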

Targets

    • Target

      b80454183ad2b89b7ba1eed661400a3f038e04bff4e28392a23f11a9ddca2fd7

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with the ThreadHideFromDebugger (0x11) information class, which stops the calling thread from delivering debug events to an attached debugger. This is a common anti-analysis technique rather than a DarkComet-specific one; the sandbox flags the call itself, and an analyst can neutralise it by breaking on NtSetInformationThread in ntdll and changing the class argument before the call completes.

MITRE ATT&CK Matrix

Tasks