General

  • Target

    rhdidhsesdhsdeshs12.pif

  • Size

    756KB

  • Sample

    240810-s683lazfma

  • MD5

    eb355d5dda76a9500df1635e8f1d4bb6

  • SHA1

    820b148cc3cac94013a6c1d4cd77c09bf3a6c226

  • SHA256

    605eeb72a321ff834774898607a7cca0ce71d417116be4851ba77c3258196e65

  • SHA512

    7edc27fb2af3fc5b985e5682b460d2bcaec58c788d13d94520c5751df04db4c83908aba38f973b449a98378f6f4b063ae01d10ba43138cc5cdae14f83b8d7feb

  • SSDEEP

    12288:29HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hvqMd0QZhk:SZ1xuVVjfFoynPaVBUR8f+kN10EBND07

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-UEGPA9X

Attributes
  • gencode

    ahC4rsPiXNu5

  • install

    false

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
