General

  • Target

    15fd75966e2679295e2fa45e8ed2b13f91eca1d4b74e8a813ba57e0ef3221eb9

  • Size

    796KB

  • Sample

    221019-3g2x4adbcn

  • MD5

    90d34c82baffe98e2cd28de411cea7c0

  • SHA1

    e840fbb43f48a346aef1063cad4900b1276dcefe

  • SHA256

    15fd75966e2679295e2fa45e8ed2b13f91eca1d4b74e8a813ba57e0ef3221eb9

  • SHA512

    714a28764535755323e6663e3009e7295f9039e2fd8bf587cbdb83daa3699183ad539f0b521018d461033d9ec48f9fb75bf63ffc30774850c0c98f046e8c9b3b

  • SSDEEP

    24576:5AWI3UnM5HFMyvoY83Hma0MZwW4RkuJiWCrs:5AftFC9XZwn1

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    127.0.0.1:82

  • Mutex

    DC_MUTEX-SH548SY

  • Attributes

    • gencode

      qYng4bnBA0nx

    • install

      false

    • offline_keylogger

      true

    • password

      0605

    • persistence

      false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext
