General

  • Target

    13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed

  • Size

    1.4MB

  • Sample

    221123-s65p6sdb94

  • MD5

    cc010a9788fb94a30ffc7e7ce3572c74

  • SHA1

    ef63edaecff71c8ca3aa3f3be5ceb1a18bd38672

  • SHA256

    13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed

  • SHA512

    fcbcc4efd16561411349e55e3461064ac642910053ecd30459cb4bc27895b3736616fd57600f82343a0597a62a002fcd68c6b77336954f104324b05e3f623fc3

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaHfPFt+j/KIprM8KJGVG18XRjypuVPAZNbz:7JZoQrbTFZY1iaHfttw/RMNkWOR+AVPO

Malware Config

Extracted

Family

darkcomet

Botnet

Sept

C2

daynasmithx.ddns.net:100

Mutex

DCMIN_MUTEX-HFVU8P5

Attributes
  • gencode

    cehBMBEe408f

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed

    • Size

      1.4MB

    • MD5

      cc010a9788fb94a30ffc7e7ce3572c74

    • SHA1

      ef63edaecff71c8ca3aa3f3be5ceb1a18bd38672

    • SHA256

      13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed

    • SHA512

      fcbcc4efd16561411349e55e3461064ac642910053ecd30459cb4bc27895b3736616fd57600f82343a0597a62a002fcd68c6b77336954f104324b05e3f623fc3

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaHfPFt+j/KIprM8KJGVG18XRjypuVPAZNbz:7JZoQrbTFZY1iaHfttw/RMNkWOR+AVPO

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Adds policy Run key to start application

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks