General

  • Target

    6ed9ff5400c6d67dd68f7bdbb5842e72

  • Size

    248KB

  • Sample

    240122-f8x2wshdfp

  • MD5

    6ed9ff5400c6d67dd68f7bdbb5842e72

  • SHA1

    b5ad87074f158a42a45832fef59eac05ac50390b

  • SHA256

    53f4ab940cb6d4b4139e87468285c2533b930373edda76d80f79ef6daa99c988

  • SHA512

    82d91179ca9de6917eb289993e974b1ef0024f04632906233c010025589dfa1ca6e5ea54e271bfee2557451f588a1d441789f7dcb341335329a42997dc16a2da

  • SSDEEP

    6144:XwT5O7pJmNB6dLY6dCnnsyZLHoaIyv6ocU/qxDS2xDWb3cw0:XP+NULZdCn3TbncU2D7Ab3

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

stuck.zapto.org:22

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    NKNzdqT5jz9W

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      6ed9ff5400c6d67dd68f7bdbb5842e72 (size and hashes as listed under General above)

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies firewall policy service

    • Windows security bypass

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

MITRE ATT&CK Enterprise v15