General

  • Target

    e8412105090ad0e9d7d905b811afd4c055f69ed631b0b6de8fe34ffac23de890.exe

  • Size

    718KB

  • Sample

    241210-sns9esymat

  • MD5

    7a59e4b586b19bb7e57799e71831bf30

  • SHA1

    260639259b3781deaed92c9c63e196a3b9c100be

  • SHA256

    e8412105090ad0e9d7d905b811afd4c055f69ed631b0b6de8fe34ffac23de890

  • SHA512

    e233cf418db931990a8671b6e1c7e52dc2a7595cb77e913e98c9f2c2150e6b713012cd19f2487761a8e364e320af47741cf7ab53142fe9305d7491a8b76d747c

  • SSDEEP

    12288:QL88mbu2rpKomPPijFbJ34tEZCgWSZkK5VdKbggPdOXwx6vwGpy30Yw6W:b8p2goysF4taCgVRdiNlOQF30V

Malware Config

Extracted

Family

darkcomet

Botnet

fo

C2

127.0.0.1:1010

46.39.230.61:1010

Mutex

DC_MUTEX-PR2UBLF

Attributes
  • gencode

    ovcHaFsW9bRT

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      e8412105090ad0e9d7d905b811afd4c055f69ed631b0b6de8fe34ffac23de890.exe

    • Size

      718KB

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
