General

  • Target

    171081d695ecf0db8485b7e43cc6c040N.exe

  • Size

    324KB

  • Sample

    240722-1t4lcazfpf

  • MD5

    171081d695ecf0db8485b7e43cc6c040

  • SHA1

    31c898e6c145dcb7a3621e6c793d3d4518c88031

  • SHA256

    faf79c3d3d8a5aa612dda3996cae5580d3f9ccf6ab68a9137dbd937f58bb1b65

  • SHA512

    d219b49dca50fd9b50ac9267aa74ed9cac34675f39bd3c4f59f761aa98415423d8c62416dd501abe5e8cec5ca8e9089f046635b9c0a6b5871ce7c82424272650

  • SSDEEP

    6144:cvhFCYZdP5aHNn1s7C+3S4R5wQrV/YbZwZ3ssu4eqswN8s1Pf4NAGy5uRyXR6P+R:TQdwHNn1OCN4MQEZwUqsA

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

betclock.zapto.org:35000

Mutex

DC_MUTEX-LCQCVNZ

Attributes
  • gencode

    MGDU5FhLNYez

  • install

    false

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    false

Targets

    • Target

      171081d695ecf0db8485b7e43cc6c040N.exe

    • Size

      324KB

    • MD5

      171081d695ecf0db8485b7e43cc6c040

    • SHA1

      31c898e6c145dcb7a3621e6c793d3d4518c88031

    • SHA256

      faf79c3d3d8a5aa612dda3996cae5580d3f9ccf6ab68a9137dbd937f58bb1b65

    • SHA512

      d219b49dca50fd9b50ac9267aa74ed9cac34675f39bd3c4f59f761aa98415423d8c62416dd501abe5e8cec5ca8e9089f046635b9c0a6b5871ce7c82424272650

    • SSDEEP

      6144:cvhFCYZdP5aHNn1s7C+3S4R5wQrV/YbZwZ3ssu4eqswN8s1Pf4NAGy5uRyXR6P+R:TQdwHNn1OCN4MQEZwUqsA

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks