General

  • Target

    610852259b20b2ce78a9e911ecb6c18b4ea1573720b1c2f38ae5840d39e08dd3

  • Size

    599KB

  • Sample

    221019-2pdd2abgak

  • MD5

    a180ae2162fb2890b4d896e505258da0

  • SHA1

    feae582d73a75a1321884ba637e423ae1ba2b754

  • SHA256

    610852259b20b2ce78a9e911ecb6c18b4ea1573720b1c2f38ae5840d39e08dd3

  • SHA512

    c6edc7c7795d122be0ee046551533a24af49294d86d8bf8cc2f27fc0df87cf97dc1576f3138fe8a5c285648dc9508b2e69a2c53f9b0b213253994a1eec394d3f

  • SSDEEP

    12288:iZeaavLa8bzjN4Pt5FzME83a+6aWdRnsK/lGRgOUqmq9kR6lhKXbNZpAesF:weag5jyPt5F9kiaSCK/cRgOnmq9g6mzC

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    lioneltn.zapto.org:81

  • Mutex

    DC_MUTEX-WCCDUJP

  • Attributes

    • gencode

      aB6YKgneSs8v

    • install

      false

    • offline_keylogger

      true

    • password

      123

    • persistence

      false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks