General

  • Target

    60ff0dd4a4a0b8c91976c26283c7d5a4fb23bb78af17de520526447b010e4063N.exe

  • Size

    4.6MB

  • Sample

    241211-n74r2swmcq

  • MD5

    d35685275d19eba3a22a46003858b4b0

  • SHA1

    196ffdf8fab82a9fe1a268cd6a6897ef331b46bb

  • SHA256

    60ff0dd4a4a0b8c91976c26283c7d5a4fb23bb78af17de520526447b010e4063

  • SHA512

    5e33cd1983d05b9697ef3a0cb4ac8129f53b0156c434dad1398dec6e67b44e5fa82d531741b8afcf32e8106d59d64aeba5e71e53a6dba352d4f89621217374cf

  • SSDEEP

    98304:J6b+fgPSpV+apIEypgOTCqAijHZA65ALrpjiN8:JyBAONp5AijH6AAPpjL

Malware Config

Extracted

Family

darkcomet

Botnet

eski kamarun

C2

haybensenin3.zapto.org:1604

Mutex

DC_MUTEX-4J5WTK5

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    Yf3o5TbGwnLJ

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Target

      60ff0dd4a4a0b8c91976c26283c7d5a4fb23bb78af17de520526447b010e4063N.exe

    • Size

      4.6MB

    • MD5

      d35685275d19eba3a22a46003858b4b0

    • SHA1

      196ffdf8fab82a9fe1a268cd6a6897ef331b46bb

    • SHA256

      60ff0dd4a4a0b8c91976c26283c7d5a4fb23bb78af17de520526447b010e4063

    • SHA512

      5e33cd1983d05b9697ef3a0cb4ac8129f53b0156c434dad1398dec6e67b44e5fa82d531741b8afcf32e8106d59d64aeba5e71e53a6dba352d4f89621217374cf

    • SSDEEP

      98304:J6b+fgPSpV+apIEypgOTCqAijHZA65ALrpjiN8:JyBAONp5AijH6AAPpjL

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks