General

  • Target

    1d0e911fab58ded2be33b6fe01bd49754dc45fa3564b61a93078b872ee0a1dde

  • Size

    324KB

  • Sample

    240730-x77ndayhle

  • MD5

    32b849828ee6e240d562771b7e09fdcd

  • SHA1

    2c701b47a58399459686bc9d3591f35d9bfcc001

  • SHA256

    1d0e911fab58ded2be33b6fe01bd49754dc45fa3564b61a93078b872ee0a1dde

  • SHA512

    064c1d215ced3da9539efc13076c04b8341b15a2e48f861fb73d7b5f5054a3fa3789ff9afdeaa2014a3f1b15d52d976fb582b4013aa716ba01ac56c46f783420

  • SSDEEP

    6144:cvhFCYZdP5aHNn1s7C+3S4R5wQrV/YbZwZ3ssu4eqswN8s1Pf4NAGy5uRyXR6P+R:TQdwHNn1OCN4MQEZwUqsA

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

betclock.zapto.org:35000

Mutex

DC_MUTEX-LCQCVNZ

Attributes
  • gencode

    MGDU5FhLNYez

  • install

    false

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    false

Targets

    • Target

      1d0e911fab58ded2be33b6fe01bd49754dc45fa3564b61a93078b872ee0a1dde

    • Size

      324KB

    • MD5

      32b849828ee6e240d562771b7e09fdcd

    • SHA1

      2c701b47a58399459686bc9d3591f35d9bfcc001

    • SHA256

      1d0e911fab58ded2be33b6fe01bd49754dc45fa3564b61a93078b872ee0a1dde

    • SHA512

      064c1d215ced3da9539efc13076c04b8341b15a2e48f861fb73d7b5f5054a3fa3789ff9afdeaa2014a3f1b15d52d976fb582b4013aa716ba01ac56c46f783420

    • SSDEEP

      6144:cvhFCYZdP5aHNn1s7C+3S4R5wQrV/YbZwZ3ssu4eqswN8s1Pf4NAGy5uRyXR6P+R:TQdwHNn1OCN4MQEZwUqsA

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks