General

  • Target

    6d9bc21f8ee1effb69aafc1fa4ee2153c54572f12eb1b2022951694b1af109b8

  • Size

    907KB

  • Sample

    221019-2j9v2sbedn

  • MD5

    913b54db947f67d94d58823418f74aa0

  • SHA1

    066eceedbc3174bcc93fdab828de31969744c4d4

  • SHA256

    6d9bc21f8ee1effb69aafc1fa4ee2153c54572f12eb1b2022951694b1af109b8

  • SHA512

    501145d4af6678c12143dc8a00f2a705a1393c52f792fb815da194558cdc301f8fefeab70236410851e29f9156d690a5218d2865295d2a18b4a4ebcafe7a6b57

  • SSDEEP

    24576:VtxKCO6Bwy1yO9QTyFjqAaP+vg0iSx3J1z:Vtxr6O8yjQP+PHrz

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    hellohamid.no-ip.org:1604

  • Mutex

    DC_MUTEX-JAYYFG0

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    qfXdGq48XLNR

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Target

      6d9bc21f8ee1effb69aafc1fa4ee2153c54572f12eb1b2022951694b1af109b8

    • Size

      907KB

    • MD5

      913b54db947f67d94d58823418f74aa0

    • SHA1

      066eceedbc3174bcc93fdab828de31969744c4d4

    • SHA256

      6d9bc21f8ee1effb69aafc1fa4ee2153c54572f12eb1b2022951694b1af109b8

    • SHA512

      501145d4af6678c12143dc8a00f2a705a1393c52f792fb815da194558cdc301f8fefeab70236410851e29f9156d690a5218d2865295d2a18b4a4ebcafe7a6b57

    • SSDEEP

      24576:VtxKCO6Bwy1yO9QTyFjqAaP+vg0iSx3J1z:Vtxr6O8yjQP+PHrz

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks