General

  • Target

    cb52e03ba2b9c50027bb82a2f634503475daeb72de895d4a11ba3fcf7134b04e

  • Size

    677KB

  • Sample

    221203-fhxy7saf61

  • MD5

    8e005c2cfc3587fa3e58654830eecf71

  • SHA1

    e3aae32ec4b90c8081028a84e59c66dce6da6256

  • SHA256

    cb52e03ba2b9c50027bb82a2f634503475daeb72de895d4a11ba3fcf7134b04e

  • SHA512

    a488df5f89a548ac33345b2d56873c1df1a6b5f5aef7759f62f685523621a0582a64cf726abb057203b542099b84cb928417845d46872ab0be18d391568f97b1

  • SSDEEP

    12288:cE37EefSqPHVvHm0FPNPtrc4usQ59S+B+i9X6nLXv:fEehPFHHPNJcuQ/f9X2

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16_min

  • C2

    tast.no-ip.biz:82

  • Mutex

    DCMIN_MUTEX-F9J9EBC

Attributes
  • gencode

    1jx38nt7Eeyk

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks