General

  • Target

    98220537abdcac01164bca5bbfaaf666a4a6e2b6b1c800f4e0c7dcafebf480bd

  • Size

    2.2MB

  • Sample

    221202-s1224abb45

  • MD5

    39d4cbc86f45b0efedc6f01881412e73

  • SHA1

    a8d339b3f8d798160f71ee88e36b2a6efa76dded

  • SHA256

    98220537abdcac01164bca5bbfaaf666a4a6e2b6b1c800f4e0c7dcafebf480bd

  • SHA512

    333711526622d8e5f02c95a8587bd29e4900757566d9f040ec5f14292640a0c6edead0e933d42ced60c7f0b1ae131cecb06ac206d29d52f4983e40ebecf3b5ce

  • SSDEEP

    49152:N1vqjd/QNzVG3W34pd9S7TWFrSLRRJN3TCt/RsbMBBdtt:N1vqjV344zeK5SLhRTCtkM5

Malware Config

Extracted

Family

darkcomet

Botnet

teste

C2

hack256.no-ip.biz:1604

Mutex

DC_MUTEX-CT50HLM

Attributes
  • gencode

    U7iklaRPqE51

  • install

    false (this build is not configured to copy itself to an install path)

  • offline_keylogger

    true (keystrokes are logged to disk even while the C2 is unreachable)

  • persistence

    false (no autostart entry is configured)

Targets

    • Target

      98220537abdcac01164bca5bbfaaf666a4a6e2b6b1c800f4e0c7dcafebf480bd

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc). The DC_MUTEX- prefix on the extracted mutex and the 1604 C2 port are both DarkComet defaults; the dynamic-DNS hostname (no-ip.biz) is typical for hobbyist deployments of this family.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry (the GeoID stored under Control Panel\International\Geo), likely used as a geofence. On its own this is a weak indicator, since legitimate installers and locale-aware software read the same value.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the hallmark of process hollowing (create suspended, WriteProcessMemory, SetThreadContext, ResumeThread). Combined with "Executes dropped EXE" above, this suggests the payload is unpacked into a child process rather than run in place.

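As an added example, not part of the sandbox report and not DarkComet's own code: the script below turns the extracted config (mutex, C2 host and port) and the behavioural signatures (GeoID registry read, remote SetThreadContext) into a small host-telemetry hunt. The indicator values are those from the report; the event records, their field names and the scoring weights are constructed to resemble Sysmon-style telemetry and are an assumption.

```python
"""Hunt for the DarkComet indicators from this report across host telemetry.

Added example (not part of the sandbox report). Indicator values come from the
report above; the event format, field names and weights are assumptions.
"""
import re
from typing import Dict, Iterable, List

# Indicators lifted from the Malware Config section of the report.
C2_HOST = "hack256.no-ip.biz"
C2_PORT = 1604                      # DarkComet's default listener port
MUTEX = "DC_MUTEX-CT50HLM"
# DarkComet builds its mutex as DC_MUTEX- plus a short campaign code; the
# generic pattern catches other builds of the family, not just this sample.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")
# Registry value behind the "Checks computer location settings" signature.
GEO_KEY_SUFFIX = r"\Control Panel\International\Geo\Nation"

# Assumed weights: exact IOC matches are strong, behavioural hints are weak.
WEIGHTS = {
    "mutex:exact": 3,
    "mutex:family": 2,
    "dns:c2": 3,
    "net:c2": 3,
    "net:dc-default-port": 1,
    "reg:geo-lookup": 1,
    "api:remote-setthreadcontext": 2,
}


def classify(event: Dict[str, str]) -> List[str]:
    """Return the indicator labels a single telemetry record matches."""
    hits: List[str] = []
    kind = event.get("type")
    if kind == "mutex":
        name = event.get("name", "")
        if name == MUTEX:
            hits.append("mutex:exact")
        elif DC_MUTEX_RE.match(name):
            hits.append("mutex:family")
    elif kind == "dns":
        if event.get("query", "").lower().rstrip(".") == C2_HOST:
            hits.append("dns:c2")
    elif kind == "net":
        host = event.get("dst_host", "").lower()
        port = int(event.get("dst_port", "0"))
        if host == C2_HOST:
            hits.append("net:c2")
        elif port == C2_PORT:           # port alone is only a weak hint
            hits.append("net:dc-default-port")
    elif kind == "reg":
        if event.get("path", "").endswith(GEO_KEY_SUFFIX):
            hits.append("reg:geo-lookup")
    elif kind == "api":
        # SetThreadContext against a *different* process is the hollowing tell.
        if event.get("api") == "SetThreadContext" and \
                event.get("target_pid") != event.get("pid"):
            hits.append("api:remote-setthreadcontext")
    return hits


def hunt(events: Iterable[Dict[str, str]]) -> Dict[str, Dict[str, object]]:
    """Group hits per process and score them into a verdict."""
    per_pid: Dict[str, List[str]] = {}
    for ev in events:
        per_pid.setdefault(ev["pid"], []).extend(classify(ev))
    results: Dict[str, Dict[str, object]] = {}
    for pid, hits in per_pid.items():
        score = sum(WEIGHTS[h] for h in hits)
        if score >= 5:
            verdict = "confirmed"
        elif score >= 2:
            verdict = "suspect"
        elif score > 0:
            verdict = "weak"
        else:
            verdict = "clean"
        results[pid] = {"hits": hits, "score": score, "verdict": verdict}
    return results


# Constructed telemetry: one process that behaves like this sample, one benign
# GeoID reader, one other DarkComet build, and an unrelated port-1604 client.
EVENTS = [
    {"type": "mutex", "pid": "4120", "name": "DC_MUTEX-CT50HLM"},
    {"type": "dns", "pid": "4120", "query": "hack256.no-ip.biz"},
    {"type": "net", "pid": "4120", "dst_host": "hack256.no-ip.biz", "dst_port": "1604"},
    {"type": "reg", "pid": "4120", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "api", "pid": "4120", "api": "SetThreadContext", "target_pid": "4388"},
    {"type": "reg", "pid": "812", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "mutex", "pid": "2200", "name": "DC_MUTEX-AB12CD3"},
    {"type": "net", "pid": "3000", "dst_host": "10.0.0.5", "dst_port": "1604"},
]

if __name__ == "__main__":
    for pid, res in hunt(EVENTS).items():
        print(pid, res["verdict"], res["score"], res["hits"])
```

The GeoID read and the bare port match are deliberately scored low: both occur in benign software, and it is the combination with the mutex or the C2 hostname that makes the verdict. Because `install` and `persistence` are both false in this config, there is no autorun key to hunt for; the mutex and the C2 resolution are the durable indicators.
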
MITRE ATT&CK Matrix (ATT&CK v6)

Discovery (signature hits per technique)

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks