General

  • Target

    0cb080c8fe1f959b91761bfda632078ea3f5b52a1b6ca8c8c5ea7ac8f2c1a20aN.exe

  • Size

    742KB

  • Sample

    241201-tzf9nszrek

  • MD5

    cb59fc47fcd2ea6c4354d60230b67c50

  • SHA1

    7416dd76ebd488b308d73d6d27dd1101a92e0772

  • SHA256

    0cb080c8fe1f959b91761bfda632078ea3f5b52a1b6ca8c8c5ea7ac8f2c1a20a

  • SHA512

    1c103d9a11cb38543d2f83d254b1465898127ac1e29a34c6b98c8b77685aa48bf2c8a99e697a794403c67fa3bccd6386273697844734fba4023d9f46b82db29e

  • SSDEEP

    12288:UrAeSye4BLE0RnRO0GiAlQUZM6GR9jrHNCqZO0ZaF8RivkDOn7Ypca1oymIW2J83:CAZyUNtiCK6c9jrtL8WnDAE2RIuws

Malware Config

Extracted

Family

darkcomet

Botnet

Dragonica

C2

192.168.0.13:1604

85.168.104.237:1604

Mutex

DC_MUTEX-AE11EHH

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    3E1WoVyr3qxU

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Target

      0cb080c8fe1f959b91761bfda632078ea3f5b52a1b6ca8c8c5ea7ac8f2c1a20aN.exe

    • Size

      742KB

    • MD5

      cb59fc47fcd2ea6c4354d60230b67c50

    • SHA1

      7416dd76ebd488b308d73d6d27dd1101a92e0772

    • SHA256

      0cb080c8fe1f959b91761bfda632078ea3f5b52a1b6ca8c8c5ea7ac8f2c1a20a

    • SHA512

      1c103d9a11cb38543d2f83d254b1465898127ac1e29a34c6b98c8b77685aa48bf2c8a99e697a794403c67fa3bccd6386273697844734fba4023d9f46b82db29e

    • SSDEEP

      12288:UrAeSye4BLE0RnRO0GiAlQUZM6GR9jrHNCqZO0ZaF8RivkDOn7Ypca1oymIW2J83:CAZyUNtiCK6c9jrtL8WnDAE2RIuws

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Sets file to hidden

      Modifies file attributes so the dropped file is not shown in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Hide Artifacts: Hidden Files and Directories
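The extracted config and the behaviour tags above translate directly into host and network checks. The script below is an added example, not part of the sandbox report: it takes the indicators from the config (mutex, install path, Run value name, C2 list) and runs them over a small set of constructed telemetry events in a simplified, hypothetical schema (not Sysmon's or any product's). Two points it makes that the raw config does not: 192.168.0.13 is an RFC 1918 address and only means something on the operator's own LAN, so it is dropped from the blockable C2 list, and the Winlogon check looks for the install path appearing in a Winlogon value rather than assuming which value was touched. Port 1604 is DarkComet's default listening port.

```python
"""Turn the extracted DarkComet config into detection checks and run them
over constructed telemetry. Added example; the event schema is hypothetical."""
import ipaddress

# Indicators copied from the extracted config on this page.
CONFIG = {
    "mutex": "DC_MUTEX-AE11EHH",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",          # value name under ...\CurrentVersion\Run
    "c2": ["192.168.0.13:1604", "85.168.104.237:1604"],
}


def routable_c2(entries):
    """Return (host, port) pairs worth blocking at the perimeter.

    Private (RFC 1918), loopback and link-local addresses are dropped:
    they only resolve on the operator's own network. Hostnames are kept.
    """
    keep = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            keep.append((host, int(port)))   # hostname, not an IP literal
            continue
        if addr.is_global:
            keep.append((host, int(port)))
    return keep


def match_events(events, config=CONFIG):
    """Return (rule_name, event_index) for each event matching the config.

    Events are dicts with a "type" field; see SAMPLE_EVENTS for the shape.
    """
    c2 = set(routable_c2(config["c2"]))
    install = config["install_path"].lower()
    hits = []
    for i, ev in enumerate(events):
        kind = ev["type"]
        if kind == "mutex" and ev["name"] == config["mutex"]:
            hits.append(("darkcomet_mutex", i))
        elif kind == "process" and ev["image"].lower().endswith(install):
            hits.append(("darkcomet_install_path", i))
        elif kind == "registry":
            key = ev["key"].lower()
            value = ev["value_name"].lower()
            if key.endswith("\\currentversion\\run") and \
                    value == config["reg_key"].lower():
                hits.append(("darkcomet_run_key", i))
            elif key.endswith("\\winlogon") and install in ev["data"].lower():
                hits.append(("winlogon_persistence", i))
        elif kind == "network" and (ev["dst"], ev["port"]) in c2:
            hits.append(("darkcomet_c2", i))
    return hits


# Constructed telemetry (not taken from the sandbox run), one event per entry.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\MSDCSC\msdcsc.exe"},
    {"type": "mutex", "name": "DC_MUTEX-AE11EHH"},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "MicroUpdate",
     "data": r"C:\Windows\System32\MSDCSC\msdcsc.exe"},
    {"type": "registry",
     "key": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value_name": "UserInit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Windows\System32\MSDCSC\msdcsc.exe"},
    {"type": "network", "dst": "192.168.0.13", "port": 1604},    # private, ignored
    {"type": "network", "dst": "85.168.104.237", "port": 1604},
    {"type": "process", "image": r"C:\Windows\explorer.exe"},     # benign
]


if __name__ == "__main__":
    print("blockable C2:", routable_c2(CONFIG["c2"]))
    for rule, idx in match_events(SAMPLE_EVENTS):
        print(f"{rule:26s} event #{idx}: {SAMPLE_EVENTS[idx]}")
```

The mutex and Run-value checks are exact-match because DarkComet's config carries those strings literally; the install path and Winlogon checks use suffix and substring matching because the drive letter and Windows directory vary per host.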

MITRE ATT&CK Enterprise v15

Tasks