General

  • Target

    f072748664490b1ebfe32fb42050643617694aba1e2143dba95094a109b25605

  • Size

    1.9MB

  • Sample

    241006-eqvy5swgle

  • MD5

    5f23c5ffd1b04577a5ba759d0e3c8bd6

  • SHA1

    3abcde643ea3f9ccf2f43947adab5288f8403b12

  • SHA256

    f072748664490b1ebfe32fb42050643617694aba1e2143dba95094a109b25605

  • SHA512

    e91832cd380172b5a1b0739441e32157843aa0b6b9a8e80924171511c8a6c6b8edd71c5b78520469ba7a74e4b40bafe46de3fb05df9cb7ff8f08c490bd9d1d95

  • SSDEEP

    24576:qMyptg5dkAmL8jyLQLNW0yzotcSHVZwMz8gkyJ8fP4lw46lw4Pz9ELqjLW:3te3ow4+w4PzqLcLW

Malware Config

Extracted

Family

darkcomet

Botnet

1

C2

anthraxgold.no-ip.info:666

Mutex

DC_MUTEX-169BEXQ

Attributes

  • gencode

    M6QvjZgri1v2

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

Targets

    • Target

      f072748664490b1ebfe32fb42050643617694aba1e2143dba95094a109b25605

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks