General

  • Target

    0c71e6093bc6619be0915f156e4bae73c7a82edb97d81b36e94d321d6b558238

  • Size

    728KB

  • Sample

    221019-3lnahadcgm

  • MD5

    90e29f3da7468b6999d7a553d60c8500

  • SHA1

    d4a6bc081a5c7d5b866f94f17ab590170daa1893

  • SHA256

    0c71e6093bc6619be0915f156e4bae73c7a82edb97d81b36e94d321d6b558238

  • SHA512

    bc62f5fe8cd3790ce6dec077b4526982dde84692e9a0b71dbe0877f40906dd94425015ad30c9cf82e848f48c558f307a5d82533750e0e979cfa9c21b6bc4b0b4

  • SSDEEP

    12288:L7iArVhsYv8Owh0voX0Vnbnv5AkxbhcbiUq8ClqulwvsHLZBO9X:L7T3Q0v2WRfbuuUqVIvIVSX

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16_min

  • C2

    127.0.0.1:1604

  • Mutex

    DCMIN_MUTEX-VF5VAAH

Attributes

  • gencode

    DXEfTzvFoZfA

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      0c71e6093bc6619be0915f156e4bae73c7a82edb97d81b36e94d321d6b558238

    • Size

      728KB

    • MD5

      90e29f3da7468b6999d7a553d60c8500

    • SHA1

      d4a6bc081a5c7d5b866f94f17ab590170daa1893

    • SHA256

      0c71e6093bc6619be0915f156e4bae73c7a82edb97d81b36e94d321d6b558238

    • SHA512

      bc62f5fe8cd3790ce6dec077b4526982dde84692e9a0b71dbe0877f40906dd94425015ad30c9cf82e848f48c558f307a5d82533750e0e979cfa9c21b6bc4b0b4

    • SSDEEP

      12288:L7iArVhsYv8Owh0voX0Vnbnv5AkxbhcbiUq8ClqulwvsHLZBO9X:L7T3Q0v2WRfbuuUqVIvIVSX

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v6

Tasks