General

  • Target

    5f658d272e0f940451890bcb0d15aea2839df2bd1bf59bb004f42e591926b28d

  • Size

    662KB

  • Sample

    221019-2pvnbabgbp

  • MD5

    915cdf286ecfee093a31b737f22b43e0

  • SHA1

    902ca851fb183ae8d0d17b8bd17509e81f939583

  • SHA256

    5f658d272e0f940451890bcb0d15aea2839df2bd1bf59bb004f42e591926b28d

  • SHA512

    2622b8d105f17c80b1590f1ea43bbbb09644300546c381b6dc08ab86541d99b9b8d2d0d5be5296af5ff2d4c8a8ab86a0c0836bd07e54916c35fae557465148eb

  • SSDEEP

    12288:xiShEbFEGI58aLqN5YRNnZd6lQghXJuUzFbPHhyRgGhhahcjgmFijdbtDFZ/:sSiktLqGdY5W/

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

darkcometger.zapto.org:21

Mutex

DC_MUTEX-M0EUZ5H

Attributes
  • gencode

    kDadR43787yc

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      5f658d272e0f940451890bcb0d15aea2839df2bd1bf59bb004f42e591926b28d

    • Size

      662KB

    • MD5

      915cdf286ecfee093a31b737f22b43e0

    • SHA1

      902ca851fb183ae8d0d17b8bd17509e81f939583

    • SHA256

      5f658d272e0f940451890bcb0d15aea2839df2bd1bf59bb004f42e591926b28d

    • SHA512

      2622b8d105f17c80b1590f1ea43bbbb09644300546c381b6dc08ab86541d99b9b8d2d0d5be5296af5ff2d4c8a8ab86a0c0836bd07e54916c35fae557465148eb

    • SSDEEP

      12288:xiShEbFEGI58aLqN5YRNnZd6lQghXJuUzFbPHhyRgGhhahcjgmFijdbtDFZ/:sSiktLqGdY5W/

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks