General

  • Target: 47fcd83ce2b013158b3d836c1c0f9400N.exe
  • Size: 324KB
  • Sample: 240728-ehdpwszfnf
  • MD5: 47fcd83ce2b013158b3d836c1c0f9400
  • SHA1: 90938cd42c1c07ecdcb60eb75c62bd01439eeb9d
  • SHA256: d93cae682a4b9bbde68d66031951a608daa6b7ff31cae6facb5d9e7022055778
  • SHA512: 07aee1293706a221b26efb951f36914bdfd5440c9963d4e88e7759917fd17100fdb3af1f69156c9b7300a5b18a95f2634cc5d097f0ff3809b109ad5f0642c6cb
  • SSDEEP: 6144:cvhFCYZdP5aHNn1s7C+3S4R5wQrV/YbZwZ3ssu4eqswN8s1Pf4NAGy5uRyXR6P+R:TQdwHNn1OCN4MQEZwUqsA

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: betclock.zapto.org:35000
  • Mutex: DC_MUTEX-LCQCVNZ
  • Attributes
      • gencode: MGDU5FhLNYez
      • install: false
      • offline_keylogger: true
      • password: 0123456789
      • persistence: false

Targets

    • Target: 47fcd83ce2b013158b3d836c1c0f9400N.exe

    • Darkcomet
      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
