General

  • Target

    c64c953eb21641cb9688d357578e08e3

  • Size

    660KB

  • Sample

    240313-tjcljshc2s

  • MD5

    c64c953eb21641cb9688d357578e08e3

  • SHA1

    3fbb9e6a87dd1c939a34cd70275ded8ca0d38111

  • SHA256

    56ed81c9241e4d5f5aeff9f755dcd7fea618b64f24463f61836609a6f26eb04c

  • SHA512

    492b1f3fd9ea4e542f9ae73da2b5280ac286895d24b7cb872a30a40bc1f5eff61946a36aff45e2666b49571bd9a41ce6e17797659fc38cbb1ab2aa2d0fe70d30

  • SSDEEP

    12288:gXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452UQ:mnAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jg

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    U3duTmZ5pURh

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      c64c953eb21641cb9688d357578e08e3

    • Size

      660KB

    • MD5

      c64c953eb21641cb9688d357578e08e3

    • SHA1

      3fbb9e6a87dd1c939a34cd70275ded8ca0d38111

    • SHA256

      56ed81c9241e4d5f5aeff9f755dcd7fea618b64f24463f61836609a6f26eb04c

    • SHA512

      492b1f3fd9ea4e542f9ae73da2b5280ac286895d24b7cb872a30a40bc1f5eff61946a36aff45e2666b49571bd9a41ce6e17797659fc38cbb1ab2aa2d0fe70d30

    • SSDEEP

      12288:gXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452UQ:mnAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jg

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Drops file in Drivers directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks