General

  • Target

    1cf894034aa3ae6187472ce8e545cd0f2e24b0407696cd9654676ffc87eeaa5c

  • Size

    722KB

  • Sample

    221019-3efbbachhp

  • MD5

    91830b892702d4496c4ecd45a191d330

  • SHA1

    7af0492e53b346643a77b04513155cd864af3199

  • SHA256

    1cf894034aa3ae6187472ce8e545cd0f2e24b0407696cd9654676ffc87eeaa5c

  • SHA512

    face37fe329a81cc98bc0f8030f6d42f9a659d4fe541e4f2304730abb5957cde476f12af4bc40b8723c110581f50bddbbf401f0b86b0afc0fa2f4e26a717e657

  • SSDEEP

    12288:vr5sjXgP0xVrcocupwKINhLjNWuwcWd17YBB3Xox2qz+uQ3JuJTXh2v+m:vr+gP+9FpwK5uwcWd5ooRyL5N9

Malware Config

Extracted

Family

darkcomet

Botnet

b_warden0111

C2

warden.zapto.org:34282

Mutex

DC_MUTEX-XTJ4R0M

Attributes
  • gencode

    StHkpYefFW6V

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
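The attributes above are the fields the sandbox pulled out of the sample's embedded DarkComet configuration. The following script is an added example (not part of this report or of DarkComet) showing how such a configuration is recovered and normalised into the attribute names used here. It assumes the layout documented for DarkComet 5.x builds: the config sits in an RCData resource named DCDATA as a hex string, RC4-encrypted under "#KCMDDC51#-890" (the key reported for 5.1 builds with an empty password; other versions use a different constant), and decrypts to KEY={VALUE} lines whose names (SID, NETDATA, MUTEX, GENCODE, INSTALL, PERSINST, OFFLINEK) map onto the report's botnet, C2, mutex, gencode, install, persistence and offline_keylogger fields. That key and that field mapping are assumptions here; the ciphertext is constructed inside the script by encrypting a plaintext that reproduces this report's values, so it runs offline.

```python
"""Decode and parse a DarkComet 5.x style configuration blob.

Added example, not the sandbox's or DarkComet's own code.
Assumed (labelled): RC4 key for v5.1/empty password, DCDATA hex layout,
and the KEY={VALUE} field names mapped onto the report's attribute names.
"""
import binascii
import re

# Assumed: key documented for DarkComet 5.1 builds with an empty password.
DC51_DEFAULT_KEY = b"#KCMDDC51#-890"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# One config line looks like  NETDATA={host:port}
FIELD_RE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")

# Assumed mapping: DarkComet field name -> attribute name used in the report.
FIELD_MAP = {
    "SID": "botnet",
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "PERSINST": "persistence",
    "OFFLINEK": "offline_keylogger",
}
BOOL_FIELDS = {"install", "persistence", "offline_keylogger"}


def parse_config(plaintext: str) -> dict:
    """Turn decrypted KEY={VALUE} lines into the report's attribute dict."""
    cfg = {}
    for line in plaintext.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:
            continue  # skips "#BEGIN DARKCOMET DATA --" / "#EOF ..." markers
        name = FIELD_MAP.get(m.group(1))
        if name is None:
            continue  # fields the report does not surface (FWB, MELT, ...)
        value = m.group(2)
        cfg[name] = (value == "1") if name in BOOL_FIELDS else value
    return cfg


def decode_dcdata(hex_blob: str, key: bytes = DC51_DEFAULT_KEY) -> dict:
    """Hex-decode the DCDATA resource, RC4-decrypt it and parse the fields.

    A wrong key yields unparseable bytes, so the result is simply empty
    rather than a partially wrong configuration.
    """
    plain = rc4(key, binascii.unhexlify(hex_blob.strip()))
    return parse_config(plain.decode("latin-1"))


# Constructed sample: a config carrying this report's values, encrypted here
# so the decoder has realistic input without shipping the real binary.
SAMPLE_PLAINTEXT = "\r\n".join([
    "#BEGIN DARKCOMET DATA --",
    "MUTEX={DC_MUTEX-XTJ4R0M}",
    "SID={b_warden0111}",
    "NETDATA={warden.zapto.org:34282}",
    "GENCODE={StHkpYefFW6V}",
    "INSTALL={0}",
    "PERSINST={0}",
    "OFFLINEK={1}",
    "#EOF DARKCOMET DATA --",
])
SAMPLE_HEX = binascii.hexlify(
    rc4(DC51_DEFAULT_KEY, SAMPLE_PLAINTEXT.encode("latin-1"))
).decode()

if __name__ == "__main__":
    for name, value in decode_dcdata(SAMPLE_HEX).items():
        print(f"{name:18} {value}")
```

Against a real sample you would dump the DCDATA resource (for example with pefile) and pass its contents to decode_dcdata, trying the version-specific key constants in turn until parse_config returns the expected fields; the host:port in c2 and the DC_MUTEX value are the two items worth turning directly into network and host indicators.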

Targets

    • Target

      1cf894034aa3ae6187472ce8e545cd0f2e24b0407696cd9654676ffc87eeaa5c

    • Size

      722KB

    • MD5

      91830b892702d4496c4ecd45a191d330

    • SHA1

      7af0492e53b346643a77b04513155cd864af3199

    • SHA256

      1cf894034aa3ae6187472ce8e545cd0f2e24b0407696cd9654676ffc87eeaa5c

    • SHA512

      face37fe329a81cc98bc0f8030f6d42f9a659d4fe541e4f2304730abb5957cde476f12af4bc40b8723c110581f50bddbbf401f0b86b0afc0fa2f4e26a717e657

    • SSDEEP

      12288:vr5sjXgP0xVrcocupwKINhLjNWuwcWd17YBB3Xox2qz+uQ3JuJTXh2v+m:vr+gP+9FpwK5uwcWd5ooRyL5N9

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc); each build embeds a per-sample configuration, which is the source of the Malware Config values above.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a (typically suspended) thread's register state, including its entry point; it is a common step in process hollowing and other code-injection techniques.

MITRE ATT&CK Enterprise v6

Tasks