General

  • Target

    ca43337b7757787d1b618e651b6d6d90b8244151e549a6a64ccb8ddc838565dd.exe

  • Size

    4.6MB

  • Sample

    241210-nvdp4azkar

  • MD5

    43205894be0b600938b32d095a7d1555

  • SHA1

    a25020c4ab08ae22562e8e1f91e3e38ae9faa3f4

  • SHA256

    ca43337b7757787d1b618e651b6d6d90b8244151e549a6a64ccb8ddc838565dd

  • SHA512

    7c47524ed82703526dae42421716d4734bf07f6c866120243320ead708a970ab50fa857bed0f5d5ac5baee8aa7f4f3a67164fddd7e1a665702d8ea5a1b1a258e

  • SSDEEP

    98304:J6b+fgPSpV+apIEypgOTCqAijHZA65ALrpjiNk:JyBAONp5AijH6AAPpjp

Malware Config

Extracted

Family

darkcomet

Botnet

eski kamarun

C2

haybensenin3.zapto.org:1604

Mutex

DC_MUTEX-4J5WTK5

Attributes

  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    Yf3o5TbGwnLJ

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
