General

  • Target

    6d34ded00c0da9887ba752872093f59c649de72a1f629a32014f5ed8be509363.exe

  • Size

    658KB

  • Sample

    241223-medvgsymfp

  • MD5

    f6351da84168d40fae8da0c156fbab0f

  • SHA1

    1a2283c85bc5c655f5f2f77f27ec3a9412e8db7e

  • SHA256

    6d34ded00c0da9887ba752872093f59c649de72a1f629a32014f5ed8be509363

  • SHA512

    9948e83f004bb6d0edf14626660365e469dec444128e820f82066e73177f5de109d048fe226a9cbe95cfc6a99a9d4c501ab3f3900aa2e3677434f03d52694607

  • SSDEEP

    12288:e9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hn:qZ1xuVVjfFoynPaVBUR8f+kN10EBV

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

test213.no-ip.info:1604

Mutex

DC_MUTEX-KHNEW06

Attributes
  • InstallPath

    MSDCSC\runddl32.exe

  • gencode

    F6FE8i2BxCpu

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
