General

  • Target

    ba1e42b0fc454c041dd89ab04d9615c0N.exe

  • Size

    324KB

  • Sample

    240731-qenlgavcmr

  • MD5

    ba1e42b0fc454c041dd89ab04d9615c0

  • SHA1

    6c1f08e8818f4f11cbd145ca6d159b20a87b9091

  • SHA256

    40df0baf051090f518f217c285992c7ce6c432b6989412ae6ef512ab8fc29b70

  • SHA512

    646800af399c03154a2c7add396687745064e99e677f4ca88e27e62559c6e9cf319c39257b695661da0c27d265204b7309cdfb4d680cfb7f54b7b5ea0aaffdbb

  • SSDEEP

    6144:cvhFCYZdP5aHNn1s7C+3S4R5wQrV/YbZwZ3ssu4eqswN8s1Pf4NAGy5uRyXR6P+R:TQdwHNn1OCN4MQEZwUqsA

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

betclock.zapto.org:35000

Mutex

DC_MUTEX-LCQCVNZ

Attributes
  • gencode

    MGDU5FhLNYez

  • install

    false

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    false

Targets

    • Target

      ba1e42b0fc454c041dd89ab04d9615c0N.exe

    • Size

      324KB

    • MD5

      ba1e42b0fc454c041dd89ab04d9615c0

    • SHA1

      6c1f08e8818f4f11cbd145ca6d159b20a87b9091

    • SHA256

      40df0baf051090f518f217c285992c7ce6c432b6989412ae6ef512ab8fc29b70

    • SHA512

      646800af399c03154a2c7add396687745064e99e677f4ca88e27e62559c6e9cf319c39257b695661da0c27d265204b7309cdfb4d680cfb7f54b7b5ea0aaffdbb

    • SSDEEP

      6144:cvhFCYZdP5aHNn1s7C+3S4R5wQrV/YbZwZ3ssu4eqswN8s1Pf4NAGy5uRyXR6P+R:TQdwHNn1OCN4MQEZwUqsA

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks