General

  • Target

    forge-1.20.1-47.1.12-installer.bin

  • Size

    5.7MB

  • Sample

    241215-av5a6aynh1

  • MD5

    6d0b8a01ecfdf53f577e5c2a1da491ec

  • SHA1

    846e02191e94c181de3b9f28a589860625af3d18

  • SHA256

    18fb6ed230d147195ae6243f309bfa9aa8768e707819ddc362ff83f594f4f20c

  • SHA512

    659940064f9493117aede8ecf8f3dfa2bf847368fa661e08cc27b0c22599ea36d6f0e3597f225a41a02105a03b409b8efd8e675f9468ca117b15a9500c98f3a0

  • SSDEEP

    98304:G7M/HfSDrRAoX4xUi7y0t5w4y2cTt6G8hZbCdm/j02G+uyXYsro0UaGJb:QrHox0az+Ttj8zoQuQUVb

Malware Config

Extracted

Family

darkcomet

Botnet

GoogleDebugger

C2

147.185.221.24:14161

Mutex

RO_MUTEX-8HU43EZ

Attributes
  • InstallPath

    ChromeCookies\ChromeCookie.exe

  • gencode

    WN0BLB8aPxBw

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    GoogleDebugJ

Targets

    • Target

      forge-1.20.1-47.1.12-installer.bin

    • Size

      5.7MB

    • MD5

      6d0b8a01ecfdf53f577e5c2a1da491ec

    • SHA1

      846e02191e94c181de3b9f28a589860625af3d18

    • SHA256

      18fb6ed230d147195ae6243f309bfa9aa8768e707819ddc362ff83f594f4f20c

    • SHA512

      659940064f9493117aede8ecf8f3dfa2bf847368fa661e08cc27b0c22599ea36d6f0e3597f225a41a02105a03b409b8efd8e675f9468ca117b15a9500c98f3a0

    • SSDEEP

      98304:G7M/HfSDrRAoX4xUi7y0t5w4y2cTt6G8hZbCdm/j02G+uyXYsro0UaGJb:QrHox0az+Ttj8zoQuQUVb

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks