darkcomet

General

Target

a4b7feaa3bda52c048f7cc1369bfb7b5151d9dbe9c1e6b2123215d77002d92b9.zip
Size

130KB
Sample

241230-f6nenszjbs
MD5

83131e41de76ce07fb1e525125201723
SHA1

dbf6150d19f18d2f724974ea01358a79d195b6ee
SHA256

a4b7feaa3bda52c048f7cc1369bfb7b5151d9dbe9c1e6b2123215d77002d92b9
SHA512

a4d819ddd7f42f1b93e00e0874b6cd028e383dbe2e0e76b896496524afaeea44c95c55baeb737f684acc3d2003ceccca5addf82c4c814b4d509baa5382dfc3d3
SSDEEP

3072:Hf1BDZ0kVB67Duw9AMcybCFAjrYEOnEjbWicBGIgPjzgw0XIu0I/2jAW:H9X0GkjjrkJiUgPH/ubXW

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
193.149.189.199
Port:
21
Username:
LUM
Password:
159753

Extracted

Credentials

Protocol: ftp
Host:
193.149.189.199
Port:
21
Username:
ins
Password:
installer

Extracted

Family

lumma

Extracted

Family

darkcomet

Botnet

Guest1690

C2

65.38.120.136:1690

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
U2oxviM8ZSYf
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  a4b7feaa3bda52c048f7cc1369bfb7b5151d9dbe9c1e6b2123215d77002d92b9.zip
- Size
  
  130KB
- MD5
  
  83131e41de76ce07fb1e525125201723
- SHA1
  
  dbf6150d19f18d2f724974ea01358a79d195b6ee
- SHA256
  
  a4b7feaa3bda52c048f7cc1369bfb7b5151d9dbe9c1e6b2123215d77002d92b9
- SHA512
  
  a4d819ddd7f42f1b93e00e0874b6cd028e383dbe2e0e76b896496524afaeea44c95c55baeb737f684acc3d2003ceccca5addf82c4c814b4d509baa5382dfc3d3
- SSDEEP
  
  3072:Hf1BDZ0kVB67Duw9AMcybCFAjrYEOnEjbWicBGIgPjzgw0XIu0I/2jAW:H9X0GkjjrkJiUgPH/ubXW
Score

10^/10

darkcomet lumma vidar guest1690 credential_access discovery persistence rat stealer trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Detect Vidar Stealer
  stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InetLoad.dll
- Size
  
  18KB
- MD5
  
  994669c5737b25c26642c94180e92fa2
- SHA1
  
  d8a1836914a446b0e06881ce1be8631554adafde
- SHA256
  
  bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c
- SHA512
  
  d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563
- SSDEEP
  
  384:nUOPTbiJmdztwwKq8W1cyMjPzV0Ac9k+LMkIX1+Gn+XHdjf:nTikliwKq8W1rMjPzz+f
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/ZipDLL.dll
- Size
  
  163KB
- MD5
  
  2dc35ddcabcb2b24919b9afae4ec3091
- SHA1
  
  9eeed33c3abc656353a7ebd1c66af38cccadd939
- SHA256
  
  6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1
- SHA512
  
  0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901
- SSDEEP
  
  3072:8CkSJJ30k1pn2T4ISnUGN+E8KnCOxA17jxLmRtWHyPDQFllOdJiSg:tkSJy+c30UxbKnA1hLKWSVdk
Score

3^/10

discovery
behavioral5 behavioral6