General

  • Target

    75d7f4e89d40c202c6a28dfe30d6cc93

  • Size

    1.2MB

  • Sample

    240125-3za74ababn

  • MD5

    75d7f4e89d40c202c6a28dfe30d6cc93

  • SHA1

    fe394c2f0abea15f8b6c19fc4e0ac4ebe8c63c6b

  • SHA256

    b2dc44fd64beab5b53beb3fbd60e7ddd803337774dac60fcba0d71deb0a138e7

  • SHA512

    568dfe60bd6a8443185906fd7e22924ca23d9a2fd4ced2b34c450dfbcd7ca8989017127ba813ff5633c47450c200b2119fa7a4554f9385745cc22a51835e8231

  • SSDEEP

    24576:e9wrQhw7iGRv/roB8hd7mWS/16fSYKxQ:0WiALoSnS4tsQ

Score
10/10

Malware Config

Extracted

Family

darkcomet

Botnet

x

C2

cppgamer.no-ip.biz:1024

cppgamer.no-ip.biz:1243

Mutex

DC_MUTEX-EN4NFY6

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    0wdCxW5TpJNK

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate
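The attributes above are the sandbox's normalized view of the DarkComet builder configuration. The following is an added example (not the sandbox's extractor and not DarkComet's own code) showing how such a config is recovered: public DarkComet decoders read a PE resource named DCDATA, RC4-decrypt it with a fixed per-version key (the 5.1 key is "#KCMDDC51#-890"), and parse KEY={VALUE} lines. The static key list and the raw field names used here (NETDATA, MUTEX, SID, EDTPATH, GENCODE, INSTALL, OFFLINEK, PERSINST, KEYNAME) are taken from those decoders and are assumptions as far as this report goes; the sample blob is constructed in the block from the values shown above, so the code runs offline.

```python
# Added example: decrypt a DarkComet 5.x DCDATA blob and map it onto the
# attribute names the report uses. Keys, resource name and raw field names are
# assumptions taken from public decoders, not from the report itself.
import string

# Static RC4 keys used by public decoders for DarkComet 3.x to 5.1 (assumption).
KNOWN_KEYS = [b"#KCMDDC51#-890", b"#KCMDDC5#-890", b"#KCMDDC42F#-890",
              b"#KCMDDC42#-890", b"#KCMDDC4#-890", b"#KCMDDC2#-890"]


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA then PRGA). Symmetric, so it also builds the sample."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_dc_lines(plaintext: bytes) -> dict:
    """Turn decrypted KEY={VALUE} lines into a dict; '#' marker lines are skipped."""
    cfg = {}
    for line in plaintext.decode("latin-1").splitlines():
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip().strip("{}")
    return cfg


def normalize(raw: dict) -> dict:
    """Map raw fields to the report's attribute names; NETDATA is '|'-separated host:port."""
    c2 = []
    for hostport in raw.get("NETDATA", "").split("|"):
        host, sep, port = hostport.rpartition(":")
        if sep and port.isdigit():
            c2.append((host, int(port)))
    return {
        "botnet": raw.get("SID", ""),
        "c2": c2,
        "mutex": raw.get("MUTEX", ""),
        "install_path": raw.get("EDTPATH", ""),
        "gencode": raw.get("GENCODE", ""),
        "install": raw.get("INSTALL") == "1",
        "offline_keylogger": raw.get("OFFLINEK") == "1",
        "persistence": raw.get("PERSINST") == "1",
        "reg_key": raw.get("KEYNAME", ""),
    }


def extract(dcdata: bytes) -> dict:
    """Try every known key; a wrong key yields bytes that contain no MUTEX= line.

    Caveat: some builds store the resource as ASCII hex of the RC4 output, so the
    blob is un-hexed first when every byte is a hex digit (a heuristic, not a flag).
    """
    stripped = dcdata.strip()
    if stripped and len(stripped) % 2 == 0 and all(chr(b) in string.hexdigits for b in stripped):
        dcdata = bytes.fromhex(stripped.decode("ascii"))
    for key in KNOWN_KEYS:
        plain = rc4(key, dcdata)
        if b"MUTEX=" in plain:  # plausibility check before trusting the decrypt
            result = normalize(parse_dc_lines(plain))
            result["rc4_key"] = key.decode("ascii")
            return result
    raise ValueError("no known DarkComet key produced a readable config")


# Constructed sample: the report's values in raw form, encrypted with the 5.1 key.
SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\r\n"
    "MUTEX={DC_MUTEX-EN4NFY6}\r\n"
    "SID={x}\r\n"
    "NETDATA={cppgamer.no-ip.biz:1024|cppgamer.no-ip.biz:1243}\r\n"
    "GENCODE={0wdCxW5TpJNK}\r\n"
    "INSTALL={1}\r\n"
    "EDTPATH={MSDCSC\\msdcsc.exe}\r\n"
    "KEYNAME={MicroUpdate}\r\n"
    "PERSINST={0}\r\n"
    "OFFLINEK={1}\r\n"
    "#EOF DARKCOMET DATA --\r\n"
).encode("latin-1")
SAMPLE_DCDATA = rc4(KNOWN_KEYS[0], SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    for name, value in extract(SAMPLE_DCDATA).items():
        print(f"{name:18} {value}")
```

On a real sample the bytes passed to `extract()` come from the RCDATA resource named DCDATA (readable with pefile); the returned dict is the hunting list for this case, namely DNS lookups for cppgamer.no-ip.biz, connections to ports 1024 and 1243, the DC_MUTEX-EN4NFY6 mutex, a dropped MSDCSC\msdcsc.exe, and a Run value named MicroUpdate. Note that `persistence=false` refers to DarkComet's separate self-reinstalling "persistence" option, so it should not be read as "no autostart": with `install=true` and a `reg_key` set, an autostart Run entry is still expected (an interpretation based on the DarkComet builder's option semantics, not stated in the report).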

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext (redirecting a suspended thread's execution is the usual final step of process hollowing / RunPE injection)
