General

  • Target

    b4d1ddba5d16a8e7d588a47b82ae1edd515ce9a7fc49e2463711e230fe7efd0a

  • Size

    609KB

  • Sample

    221203-dbe4psca5z

  • MD5

    331da72e491868ab31ce11fe02f5bb15

  • SHA1

    bfbf35096f56e92f08815487e1cbb088efaf31e9

  • SHA256

    b4d1ddba5d16a8e7d588a47b82ae1edd515ce9a7fc49e2463711e230fe7efd0a

  • SHA512

    2b3930150894fb1b6e3f41fd5edeb25f6a68de005a9a20bdd02418a190805a9291c6185d2f7a8e3e3d4a42cbec92fc29d69b76d4d4cd486dd75963ccd6e6c71f

  • SSDEEP

    12288:gzyFWnsipV73N8rA/gC+apkmvReK7E9zF9wTtTEC9NTvER+dZ07boQK1bhHl3:WfZpV7N8rA4i3Rak1JNLI+0oQ+hF

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

216.38.2.194:1608

Mutex

DC_MUTEX-B3GGRXH

Attributes
  • gencode

    x22S1Hl5yBQe

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      b4d1ddba5d16a8e7d588a47b82ae1edd515ce9a7fc49e2463711e230fe7efd0a

    • Size

      609KB

    • MD5

      331da72e491868ab31ce11fe02f5bb15

    • SHA1

      bfbf35096f56e92f08815487e1cbb088efaf31e9

    • SHA256

      b4d1ddba5d16a8e7d588a47b82ae1edd515ce9a7fc49e2463711e230fe7efd0a

    • SHA512

      2b3930150894fb1b6e3f41fd5edeb25f6a68de005a9a20bdd02418a190805a9291c6185d2f7a8e3e3d4a42cbec92fc29d69b76d4d4cd486dd75963ccd6e6c71f

    • SSDEEP

      12288:gzyFWnsipV73N8rA/gC+apkmvReK7E9zF9wTtTEC9NTvER+dZ07boQK1bhHl3:WfZpV7N8rA4i3Rak1JNLI+0oQ+hF

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks