General

  • Target

    448a19d4eaa753aca293afde7a8acc8024f1dbbb51649f5e85589bb72749c6d7

  • Size

    600KB

  • Sample

    230207-qq3jrsbh64

  • MD5

    5f32b0f8f0d6d524969702481267cb16

  • SHA1

    61619717f178232d276dd5cdd86290aac5ff3cdf

  • SHA256

    448a19d4eaa753aca293afde7a8acc8024f1dbbb51649f5e85589bb72749c6d7

  • SHA512

    139ac17118fc7bdf32fa0d41f410faecf113d070db70f5b286551374490ce3ba09b278a05317c7df210eece4eacd6ca6d892ff66c924d0bcecd02d084c8e34d5

  • SSDEEP

    12288:W2Q+/YvU2uVApVQVraqhxJJB8Ly4bBBqoje8ze6k:WuzPYV9l

Malware Config

Extracted

Family

darkcomet

Botnet

IYKE LOGS

C2

127.0.0.1:1604 (loopback address; 1604 is DarkComet's default listener port, so as configured this build does not beacon to an external host and no network indicator can be derived from it)

Mutex

DC_MUTEX-U2T3MAJ (the DC_MUTEX- prefix is standard for DarkComet builds and makes a usable host-based indicator)

Attributes
  • gencode

    vb23itbmycw8

  • install

    false

  • offline_keylogger

    true

  • password

    raz@1234567890

  • persistence

    false
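The attributes above are normalised from DarkComet's own KEY={value} configuration lines (INSTALL, OFFLINEK, PERS, PWD, SID, NETDATA, and so on). As an added worked example, not the sandbox's extractor or any code from the DarkComet project, the script below decrypts and parses a DCDATA-style blob into those fields. It assumes the commonly documented layout: the configuration lives in a PE resource named DCDATA as hex-encoded RC4 ciphertext, keyed with a version-specific hardcoded string ("#KCMDDC51#-890" for 5.1). The encrypted input is constructed inline from the values in this report so the example runs offline; the function names and the 4.x/5.0 key table are this example's, not the page's.

```python
"""Decrypt and parse a DarkComet DCDATA configuration blob (added example)."""
import binascii

# Version-specific hardcoded RC4 keys used for the DCDATA resource
# (values as documented by public DarkComet config decoders; 5.1 first).
DCDATA_KEYS = {
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2F": b"#KCMDDC42F#-890",
    "4.2": b"#KCMDDC42#-890",
    "4.x": b"#KCMDDC4#-890",
    "2.x/3.x": b"#KCMDDC2#-890",
}

# DarkComet config key -> attribute name used in the report above.
FIELD_MAP = {
    "SID": "botnet",
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PWD": "password",
    "PERS": "persistence",
}
BOOL_FIELDS = {"install", "offline_keylogger", "persistence"}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def parse_dcdata(plaintext: str) -> dict:
    """Parse KEY={value} lines; '#' marker lines and malformed lines are skipped."""
    cfg = {}
    for line in plaintext.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if "={" not in line or not line.endswith("}"):
            continue
        key, value = line.split("={", 1)
        cfg[key] = value[:-1]
    return cfg


def extract_config(hex_blob: str, version: str = "5.1") -> dict:
    """Hex-decode, RC4-decrypt with the version key, normalise to report field names."""
    raw = rc4(DCDATA_KEYS[version], binascii.unhexlify(hex_blob.strip()))
    text = raw.decode("latin-1")
    if "#BEGIN DARKCOMET DATA" not in text:
        raise ValueError("not a DarkComet config, or wrong version key")
    cfg = parse_dcdata(text)
    out = {}
    for dc_key, name in FIELD_MAP.items():
        if dc_key in cfg:
            v = cfg[dc_key]
            out[name] = (v == "1") if name in BOOL_FIELDS else v
    return out


def try_all_versions(hex_blob: str):
    """Brute-force the version key; a wrong key never yields the BEGIN marker."""
    for version in DCDATA_KEYS:
        try:
            return version, extract_config(hex_blob, version)
        except (ValueError, binascii.Error):
            continue
    return None, {}


# Constructed sample: plaintext built from this report's values and encrypted
# here with the 5.1 key. Real analysis would read the DCDATA resource from the
# unpacked PE instead (this sample is UPX-packed, so unpack first).
SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-U2T3MAJ}\r\n"
    "SID={IYKE LOGS}\r\n"
    "NETDATA={127.0.0.1:1604}\r\n"
    "GENCODE={vb23itbmycw8}\r\n"
    "INSTALL={0}\r\n"
    "PERS={0}\r\n"
    "OFFLINEK={1}\r\n"
    "PWD={raz@1234567890}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
SAMPLE_HEX = binascii.hexlify(
    rc4(DCDATA_KEYS["5.1"], SAMPLE_PLAINTEXT.encode("latin-1"))
).decode()

if __name__ == "__main__":
    version, cfg = try_all_versions(SAMPLE_HEX)
    print("version key:", version)
    for k, v in cfg.items():
        print(f"{k:>18}: {v}")
```

Two practical notes: the PWD value is not only a config field, it is also appended to the hardcoded key to form the RC4 key for the RAT's network traffic, so it is the input you need to decrypt a DarkComet pcap; and the key table is tried in order because a wrong key decrypts to bytes that never contain the "#BEGIN DARKCOMET DATA" marker, which is the only signal the loop relies on.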

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant. The packed file must be unpacked before the embedded configuration or other static indicators can be read.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the saved register state of another thread, typically one created suspended, so that it resumes at attacker-chosen code; it is a common building block of process hollowing and other code-injection techniques.
