General

  • Target

    27d98f3fcddf6c70273510a771369d1ecea614ed54a08422bfce9ba9de1934eb

  • Size

    324KB

  • Sample

    240728-ys5e5s1hmn

  • MD5

    570fe4fb06f3fff1d46ad7eeb3f156c3

  • SHA1

    e613c9164ce5e03ba9d5cdf8389d5a9b11d4f132

  • SHA256

    27d98f3fcddf6c70273510a771369d1ecea614ed54a08422bfce9ba9de1934eb

  • SHA512

    e321a3ad01b919bd0e31b204b4cadf364076b40624e649130bc150bc2f35460e7ad7ffccfb1bb24db1738866841bdcc0ab4d29932e2ec6ab7c8c216c20aa75df

  • SSDEEP

    6144:cvhFCYZdP5aHNn1s7C+3S4R5wQrV/YbZwZ3ssu4eqswN8s1Pf4NAGy5uRyXR6P+R:TQdwHNn1OCN4MQEZwUqsA

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

betclock.zapto.org:35000

Mutex

DC_MUTEX-LCQCVNZ

Attributes
  • gencode

    MGDU5FhLNYez

  • install

    false

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    false

Targets

    • Target

      27d98f3fcddf6c70273510a771369d1ecea614ed54a08422bfce9ba9de1934eb

    • Size

      324KB

    • MD5

      570fe4fb06f3fff1d46ad7eeb3f156c3

    • SHA1

      e613c9164ce5e03ba9d5cdf8389d5a9b11d4f132

    • SHA256

      27d98f3fcddf6c70273510a771369d1ecea614ed54a08422bfce9ba9de1934eb

    • SHA512

      e321a3ad01b919bd0e31b204b4cadf364076b40624e649130bc150bc2f35460e7ad7ffccfb1bb24db1738866841bdcc0ab4d29932e2ec6ab7c8c216c20aa75df

    • SSDEEP

      6144:cvhFCYZdP5aHNn1s7C+3S4R5wQrV/YbZwZ3ssu4eqswN8s1Pf4NAGy5uRyXR6P+R:TQdwHNn1OCN4MQEZwUqsA

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks