General

  • Target

    DarkComet v5.3.rar

  • Size

    13.7MB

  • Sample

    241208-efv66a1nfw

  • MD5

    baef6cbef0f114ac72cb6d309e2cc1d0

  • SHA1

    b6aee79d2797370090cba1eb1cbdb2c7aef01c0a

  • SHA256

    58958e1762681ffa3c18fb4de3899d0f7056f6a820dc1befafb335efe06d4cda

  • SHA512

    9f763127994d572aac91d166098c8b2f665d7832bf23ba718543de9758be43f75aa018d8e74840a1b2f9b754954aae00171c8500facbfbd5daeacbd65fe9c825

  • SSDEEP

    393216:E9xjHesTgWJr2XCCPWNz0u/cVz83UmTuJsU27K7IrkoDA:Kj+SkCsWNYyc9oEB29o0A

Targets

    • Target

      DarkComet v5.3/DarkComet.exe

    • Size

      11.3MB

    • MD5

      d761f3aa64064a706a521ba14d0f8741

    • SHA1

      ab7382bcfdf494d0327fccce9c884592bcc1adeb

    • SHA256

      21ca06b18698d14154a45822aaae1e3837d168cc7630bcd3ec3d8c68aaa959e6

    • SHA512

      d2274c03f805a5cd62104492e154fc225c3f6997091accb2f4bff165308fc82ba0d9adf185ec744222bcb4ece08d1ba754a35a2d88c10c5743f4d2e66494377f

    • SSDEEP

      196608:TPvqxSrDTVokQwhM/kSEMTQINokXJw7lW740VeqQPR:LCxSrFokQw2NjUYuWU0t

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified version of it.
