General

  • Target

    f285d4bb56b1a4e14579d749e5d6b3d722840a56710e8967a643f3db6545b25e

  • Size

    1024KB

  • Sample

    221203-dd9q4acc7s

  • MD5

    039543b29918a1800c8e0e8c9d9ba7d0

  • SHA1

    145769085294b822ff2c805428246795878bbc62

  • SHA256

    f285d4bb56b1a4e14579d749e5d6b3d722840a56710e8967a643f3db6545b25e

  • SHA512

    d3328f9cd60dcbd029371b56d4b98002a624d3d2ba56b9e707d7a101b8dce81e2761159ecaa8ed51b6ced60ab832522ac6bdb8a197f3fa79797d9aa70f5b5df7

  • SSDEEP

    24576:NdlX2joBPourq9FcX59bowZVuybDjpc/UGR/eGKuYmVUdYb6HRUf:tmFu29Fcp9bowbuy/S/71QuVhOM

Malware Config

Extracted

Family

darkcomet

Botnet

S4NDY

C2

kissmyarse.no-ip.biz:5466

Mutex

RLG3J8R6JRP0QA

Attributes
  • gencode

    qYEmNxplwd2o

  • install

    false

  • offline_keylogger

    true

  • password

    9845619822

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Uses the VBS compiler for execution

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scripting (T1064), 1

  • Defense Evasion

    Scripting (T1064), 1

Tasks