General

  • Target

    038531d52fb5fc61c11beabcc05b8ae3f0a988cddbfab0db2f1e99bcb3c6757d.exe

  • Size

    4.5MB

  • Sample

    241124-qtzx2syjcr

  • MD5

    ac9e4c837b4617a8f76b8f06f23d3c68

  • SHA1

    d210f651d289a8e8b7b984735eb9b0df1b25278d

  • SHA256

    038531d52fb5fc61c11beabcc05b8ae3f0a988cddbfab0db2f1e99bcb3c6757d

  • SHA512

    45c3714e2b8f828e7b72bffc882801e3682f23bfb2abb5a8685550b710542cad31c1f902d906e32c0f9acb97e14e38da6cd93d171643925543a231adfe90b9b4

  • SSDEEP

    49152:VNkIeCY8EHOEoYzTny4X6gO0DA4HlEzD4ft7:d4ft7

Malware Config

Extracted

Family

darkcomet

Botnet

crypter_t411

C2

milanilou007.ddns.me:1604

Mutex

DC_MUTEX-92C3TY1

Attributes
  • gencode

    KpEHFrlns92y

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      038531d52fb5fc61c11beabcc05b8ae3f0a988cddbfab0db2f1e99bcb3c6757d.exe

    • Size

      4.5MB

    • MD5

      ac9e4c837b4617a8f76b8f06f23d3c68

    • SHA1

      d210f651d289a8e8b7b984735eb9b0df1b25278d

    • SHA256

      038531d52fb5fc61c11beabcc05b8ae3f0a988cddbfab0db2f1e99bcb3c6757d

    • SHA512

      45c3714e2b8f828e7b72bffc882801e3682f23bfb2abb5a8685550b710542cad31c1f902d906e32c0f9acb97e14e38da6cd93d171643925543a231adfe90b9b4

    • SSDEEP

      49152:VNkIeCY8EHOEoYzTny4X6gO0DA4HlEzD4ft7:d4ft7

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks