darkcomet

General

Target

Installer.zip
Size

13.7MB
Sample

230516-tzy5gsaf8v
MD5

a23484e904e6d9887882109b598b27b7
SHA1

59d01c4bb61ac6c2412d81d52a14f63bb0a68cb0
SHA256

d7c0356a7b084972b981077c8a6af5e38dadfcc6b3d28fffd005672bb0cab11e
SHA512

7cf7ab211d180c0a7896e0043701d0b254b4f1a8a1aaf614c211c63bb4d0c509702b585fb4ad44aa46604bdf134fa8c529abb7e0d922526ac5d9e21bc7da96b8
SSDEEP

393216:LVlfIuTkmjDmpTHcKl465hgycSxnthjXzVDw/k8FnnMneBu+:LjffDmpT7Trg2HX5DoMneQ+

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
78.24.222.162
Port:
21
Username:
red
Password:
159753

Extracted

Credentials

Protocol: ftp
Host:
79.174.12.59
Port:
21
Username:
fdhfgethrsg
Password:
tehrzsgethrgse

Targets

- Target
  
  Installer.exe
- Size
  
  19.8MB
- MD5
  
  cd5fed848e2dcb69f3971a5bcfa141e3
- SHA1
  
  323d0bd91d7f063ad63d1b1e4665e6c39483a2de
- SHA256
  
  60d310504114d19b43f2b346c3480a8eee4ce31b86b4dfaa844b82a84d21de45
- SHA512
  
  dfd706351a21faf8dd5d6aa6b39dbcf54199eaf46751360f2926bfb3a6cee6426e23328682b693422a4c4e1e522770774038fc57b53b34182cb70dc65da9daf2
- SSDEEP
  
  98304:GOfTrBoo9MLKbZqoqn6r4FHlMZskyNZPhqwMR1A34bGcl/pmDVkwEdrO5u/fXmAc:GOnBoo5RvZsAxBMDwRqv4ERrt9b86zgS
Score

10^/10

darkcomet redline discovery infostealer persistence rat spyware stealer trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ins.py
- Size
  
  14KB
- MD5
  
  a32c93c0406de2eab8099d965b4ccd34
- SHA1
  
  eeaa706135950fb32367ef25de1b259a5919ada0
- SHA256
  
  5d01465e3496651e75449e205ab46e922cc820640bf74a913ea1204c289b537c
- SHA512
  
  5bba97b37a55fc6d21d6f66a143e9cf5531e002b350de28d8862329dd090907c3bb47c14ad269073e2bd0438519dca7e1e6260754d407ea51b22fc34e39429a8
- SSDEEP
  
  192:TSppdVSQ0gcpDSFhe1cU5EfW7XqEv0134Q6Bpg2O/s0Z67dsyi:T40zp0heKU5d7XqEI34Qapy00Z67da
Score

3^/10
behavioral3 behavioral4