General

  • Target

    53f9da2780b6f5a90cfa960a7ba80eef

  • Size

    1.3MB

  • Sample

    231226-e2cxpsddap

  • MD5

    53f9da2780b6f5a90cfa960a7ba80eef

  • SHA1

    797377e262f78ebcbb50203a286fdcbc76b45e81

  • SHA256

    4764430a1dcd759ca63408103232d28a82c2e1ae3c1cc29a536fecdee9171fb3

  • SHA512

    bced0651108eecdad60f6b9291e065877f9b7b43ae5edbf659d6028c192de918f11e8d6019cc5e287f9036f33825c52f5b34fce58d4d76f02c834aa16dfdaa41

  • SSDEEP

    24576:Vt3Neacap5W/4UHRY2FhJvQywVLjaGVOUN6nyhkHgKU6Y:VtUaAwls+9j4HgK

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    slave

  • C2

    ratting.no-ip.org:1605

  • Mutex

    DC_MUTEX-Q21PSYS

Attributes
  • gencode

    3xN2KEijP0Bj

  • install

    false

  • offline_keylogger

    true

  • password

    darkcomet

  • persistence

    false
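
The values above are what a configuration extractor recovers from the sample's embedded settings. The following is an added example, not part of the sandbox report and not the sandbox's own extractor: it RC4-decrypts a hex-encoded DarkComet 5.x style configuration blob and maps the raw fields onto the attribute names used in this report. Assumptions, labelled in the code: the static key "#KCMDDC51#-890" is the widely documented one for DarkComet 5.1 builds; the field names (MUTEX, NETDATA, GENCODE, PWD, INSTALL, PERSINST, OFFLINEK) and the BEGIN/EOF markers follow public write-ups of the format; and the encrypted blob is constructed inside the script from this report's own values, since the report does not include the raw resource data.

```python
# Added example (not from the report): decrypt and parse a DarkComet 5.x style
# configuration blob and present it with the field names used in the report.
#
# Assumptions (not taken from this report):
#   - DarkComet 5.1 stores its config as hex-encoded RC4 ciphertext keyed with
#     the documented version string "#KCMDDC51#-890".
#   - Field names (MUTEX, NETDATA, GENCODE, PWD, INSTALL, PERSINST, OFFLINEK)
#     and the "#BEGIN/#EOF DARKCOMET DATA" markers follow public write-ups.
#   - CONSTRUCTED_BLOB is built here by encrypting a plaintext made from the
#     report's values, so the script runs offline with no sample present.
import binascii
import re
from typing import Dict

DC51_KEY = b"#KCMDDC51#-890"  # assumed DarkComet 5.1 config key


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: one call both encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_config(hex_blob: str, key: bytes = DC51_KEY) -> str:
    """Hex-decode the stored blob and RC4-decrypt it to the cleartext config."""
    return rc4(key, binascii.unhexlify(hex_blob.strip())).decode("latin-1")


FIELD_RE = re.compile(r"([A-Z0-9]+)=\{([^}]*)\}")


def parse_config(cleartext: str) -> Dict[str, str]:
    """Split KEY={value} lines into a dict; marker lines do not match."""
    return {k: v for k, v in FIELD_RE.findall(cleartext)}


def to_report_fields(cfg: Dict[str, str]) -> Dict[str, object]:
    """Map raw DarkComet fields onto the attribute names used in the report."""
    host, _, port = cfg.get("NETDATA", "").rpartition(":")
    return {
        "c2": f"{host}:{port}" if host else "",
        "mutex": cfg.get("MUTEX", ""),
        "gencode": cfg.get("GENCODE", ""),
        "password": cfg.get("PWD", ""),
        "install": cfg.get("INSTALL", "0") == "1",
        "offline_keylogger": cfg.get("OFFLINEK", "0") == "1",
        "persistence": cfg.get("PERSINST", "0") == "1",
    }


# Constructed cleartext using the values from this report (assumed layout).
CONSTRUCTED_CLEARTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-Q21PSYS}\r\n"
    "NETDATA={ratting.no-ip.org:1605}\r\n"
    "GENCODE={3xN2KEijP0Bj}\r\n"
    "INSTALL={0}\r\n"
    "PERSINST={0}\r\n"
    "OFFLINEK={1}\r\n"
    "PWD={darkcomet}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
)
# Constructed stand-in for the hex blob an extractor would read out of the
# sample's resource section (the report does not include that raw data).
CONSTRUCTED_BLOB = binascii.hexlify(
    rc4(DC51_KEY, CONSTRUCTED_CLEARTEXT.encode("latin-1"))
).decode()


def run_example() -> Dict[str, object]:
    """Decrypt, parse and normalise the constructed blob."""
    return to_report_fields(parse_config(decrypt_config(CONSTRUCTED_BLOB)))


if __name__ == "__main__":
    for name, value in run_example().items():
        print(f"{name:18} {value}")
```

On a real sample the hex string is taken from the PE's resource section rather than constructed; if decryption with one version key yields no `KEY={...}` pairs, the build is a different DarkComet version with a different static key, and `parse_config` returning an empty dict is the signal to try another.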

Targets

    • Target

      53f9da2780b6f5a90cfa960a7ba80eef

    • Size

      1.3MB

    • MD5

      53f9da2780b6f5a90cfa960a7ba80eef

    • SHA1

      797377e262f78ebcbb50203a286fdcbc76b45e81

    • SHA256

      4764430a1dcd759ca63408103232d28a82c2e1ae3c1cc29a536fecdee9171fb3

    • SHA512

      bced0651108eecdad60f6b9291e065877f9b7b43ae5edbf659d6028c192de918f11e8d6019cc5e287f9036f33825c52f5b34fce58d4d76f02c834aa16dfdaa41

    • SSDEEP

      24576:Vt3Neacap5W/4UHRY2FhJvQywVLjaGVOUN6nyhkHgKU6Y:VtUaAwls+9j4HgK

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Sets file to hidden

      Sets the hidden file attribute on a file so that it is not shown in Explorer or other directory listings by default.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Reads files from web browser profile directories. Infostealers commonly target this stored browser data, which can include saved credentials.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic              Technique                       Matches  ID
  Defense Evasion     Hide Artifacts                        2  T1564
                      Hidden Files and Directories          2  T1564.001
  Credential Access   Unsecured Credentials                 1  T1552
                      Credentials In Files                  1  T1552.001
  Discovery           System Information Discovery          1  T1082
  Collection          Data from Local System                1  T1005

Tasks