General

  • Target

    2accae5e44cff57a393096acc4fc48d1a293614e6d38cedc3aa039b382895ad0.exe

  • Size

    520KB

  • Sample

    250120-v2aqcazrfk

  • MD5

    136813dfba7fe74370ab7e949cc06ed7

  • SHA1

    4457524b1f2ea3eba432fc115ef2697bb8a96a5d

  • SHA256

    2accae5e44cff57a393096acc4fc48d1a293614e6d38cedc3aa039b382895ad0

  • SHA512

    4f77977ac98dc402ee6ca4e24b233cbc66f11d59b817f895b81d6193cedbbb72bff9e6a619021460f48e9d05b4efd0039cbe50bbe535e8dbbb3d1a9bb2269b73

  • SSDEEP

    6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbB:f9fC3hh29Ya77A90aFtDfT5IMbB

Malware Config

Extracted

Family

darkcomet

Botnet

PrivateEye

C2

ratblackshades.no-ip.biz:1604

Mutex

DC_MUTEX-ACC1R98

Attributes
  • gencode

    8GG5LVVGljSF

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      2accae5e44cff57a393096acc4fc48d1a293614e6d38cedc3aa039b382895ad0.exe

    • Size

      520KB

    • MD5

      136813dfba7fe74370ab7e949cc06ed7

    • SHA1

      4457524b1f2ea3eba432fc115ef2697bb8a96a5d

    • SHA256

      2accae5e44cff57a393096acc4fc48d1a293614e6d38cedc3aa039b382895ad0

    • SHA512

      4f77977ac98dc402ee6ca4e24b233cbc66f11d59b817f895b81d6193cedbbb72bff9e6a619021460f48e9d05b4efd0039cbe50bbe535e8dbbb3d1a9bb2269b73

    • SSDEEP

      6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbB:f9fC3hh29Ya77A90aFtDfT5IMbB

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks