General

  • Target

    95dba688f837f4768c4bc884b6a4bf497c3c170c89f3f8b020b5df222a90a10b

  • Size

    658KB

  • Sample

    221129-rh4yasad81

  • MD5

    43f595f877530911f95fe5e3942282e6

  • SHA1

    d016c4cd4d89065fb13f3a70a65c88be1c51049c

  • SHA256

    95dba688f837f4768c4bc884b6a4bf497c3c170c89f3f8b020b5df222a90a10b

  • SHA512

    21781429083cff8cec40a6b1372ee531fe66c2c00b3c20d8cef8e79e591aabbabc976c906ffdd5d3621e015453b95fa072bb980f585e54db22a2f098e37e3d0f

  • SSDEEP

    12288:39HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/he:RZ1xuVVjfFoynPaVBUR8f+kN10EB8

Malware Config

Extracted

Family

darkcomet

Botnet

Main

C2

socksproxy.no-ip.org:1604

Mutex

DCMIN_MUTEX-72L6PQS

Attributes
  • gencode

    PVX1LoK3q19e

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      95dba688f837f4768c4bc884b6a4bf497c3c170c89f3f8b020b5df222a90a10b

    Score
    10/10
    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

System Information Discovery

1
T1082

Tasks