General

  • Target

    18a211d12eaed4e3bf7a70af05ea49a0N.exe

  • Size

    324KB

  • Sample

    240804-2523bstcrg

  • MD5

    18a211d12eaed4e3bf7a70af05ea49a0

  • SHA1

    a68cbc3efb8a5d5a8a790f52153be7970743de29

  • SHA256

    46fb2d4dfe0f33b2e07f806174768bb81724000025faf487d593bb7ad2f7b2ef

  • SHA512

    d937da7312156504e3ba6bb52d0cb4247a2b7e25a87e3300bbd09dc409c25928fa968e74e945b54cd0492378285b37cf1f93ec1c399ed622edc7c43166d5a51f

  • SSDEEP

    6144:cvhFCYZdP5aHNn1s7C+3S4R5wQrV/YbZwZ3ssu4eqswN8s1Pf4NAGy5uRyXR6P+R:TQdwHNn1OCN4MQEZwUqsA

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    betclock.zapto.org:35000

  • Mutex

    DC_MUTEX-LCQCVNZ

Attributes

  • gencode

    MGDU5FhLNYez

  • install

    false

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks