General

  • Target: 6cf58f2368c142d395158035df22bd24
  • Size: 662KB
  • Sample: 240121-lheqhsadhk
  • MD5: 6cf58f2368c142d395158035df22bd24
  • SHA1: c200e4409d85d65aa6383ee38ac76f07f4ce7a6e
  • SHA256: 50b3f90c2f5e44a2f6bd23b370971fa620ef0928d96130f260801d168d72470d
  • SHA512: 22c825e68f7335892048a91b938a86ad6ac91c0f1fe40f2f08c5e709628cbf1dcaadc88935a87da2089203f4cd7f9bca1e34450a5a97712e807ee2a490028502
  • SSDEEP: 12288:U3OpvNW4a76S/Ddon/m09bbYlIaaMcE2YGhq3vo1RnfAvIESJgoE26yc/Ri:COA4aWNn/m09fKIaaBEtWq3A1Ov8Jgb4

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: lemssallek.zaptoo.org:1604
  • Mutex: DC_MUTEX-F54S21D

Attributes

  • gencode: f39UAqTQbNg7
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets


    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Windows security modification

MITRE ATT&CK Enterprise v15

Tasks