darkcomet | 69366a4a73f7d9fd02ebbfdc35e504b8ec6203571d3f4b99f94a7a25e994d53d | Triage

Resubmissions

22-01-2025 09:51

250122-lvlpla1lhp 10

22-01-2025 09:36

250122-lk825szmaw 10

Sharing

General

Target

lab_samples.7z
Size

1.2MB
Sample

250122-lvlpla1lhp
MD5

1b7491958a16c4e0b40e214905da4e48
SHA1

6e5e2fd20d08df8157d5daf6a963252ec8dbf42f
SHA256

69366a4a73f7d9fd02ebbfdc35e504b8ec6203571d3f4b99f94a7a25e994d53d
SHA512

dc850e266c72b6f0cecc367ced1636da99505e84faa708ff9ad31bacb6140a0384e0830976288119e1fc939738f2bb69cbb732982bb0d102f5bd6d29194a4f8b
SSDEEP

24576:MH3Vta5A/hn3fkt/qcZKqEDkWQAF8frgEcP1+ItPv3/iuD:MXVtaE8t/q6v4kxc8fg/X3Ko

Score

10^/10

darkcomet guest16 discovery

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

test213.no-ip.info:1604

Mutex

DC_MUTEX-KHNEW06

Attributes

InstallPath
MSDCSC\runddl32.exe
gencode
F6FE8i2BxCpu
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  lab_samples/b3b3bb519dd34a933a0b9920fa905ecaa5ce32c34871a29b5823a5b0fd4d9fc7.exe
- Size
  
  659KB
- MD5
  
  b3dc48d13f7d541fa583bf964c0603bf
- SHA1
  
  1dbaa68adc0a592508f7ad715bfcdf79c17990d6
- SHA256
  
  b3b3bb519dd34a933a0b9920fa905ecaa5ce32c34871a29b5823a5b0fd4d9fc7
- SHA512
  
  193bda0656a9d1be54dc655d9af3224ddccb78fc26aa77618fba1e3c36005a0368a200960cc28facc280df667f51a26bbef62282bbf8837cc036a41bfb8525f4
- SSDEEP
  
  12288:JR2N+L3K6boxK6dSmiTwntcm3Kbjbgv8YXoNCMF6+yWiL4Wlsfppj4W:P8+L3UM6SIcsHj4N5F6+yW/W4XP
Score

7^/10

discovery
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1