General

  • Target

    2025-07-04_d619b9e85e4a2102d94b2928b0efb9c8_amadey_black-basta_coinminer_darkcomet_elex_hijackloader_luca-stealer_stop

  • Size

    5.1MB

  • Sample

    250704-vmfytabn2v

  • MD5

    d619b9e85e4a2102d94b2928b0efb9c8

  • SHA1

    7abf9bbd62cf2249532a0d3cbfa100aa0763c0ba

  • SHA256

    6d1250a0dade7fdf59435669d8e82a2043315438da5b6038658a469e0ad3eada

  • SHA512

    da0e687220746d34227102706e00a1ca2416a42a51326a4512d597012865f07eb76d0ab3829063f083d0a45714b1c11a168c5c3b6ae344dc43f1f6ae799700b0

  • SSDEEP

    98304:olerjesRJ8YQU/A5qZiQmMrm1RF4P6CfUbtYa:frj578YQK5yHFc6CfUSa

Malware Config

Extracted

Family

darkcomet

Attributes

  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain
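The configuration above is what the sandbox recovered from the DarkComet stub, where it is stored RC4-encrypted. The Python below is an added example, not part of this report and not DarkComet's own code: it implements RC4, derives the key from the public DarkComet 5.x prefix "#KCMDDC51#-890" plus the operator password (empty here, which is an assumption), encrypts a constructed KEY={value} configuration so the decryptor has input, then decrypts it and maps GENCODE, INSTALL, OFFLINEK and PERSINST onto the attribute names used in the report. The field values are constructed and are not this sample's; the rc4.plain key of the sample is not reproduced here.

```python
# Added example: RC4 round-trip of a DarkComet-style configuration and mapping of
# the decrypted fields onto the report's attributes. Constructed inputs only.
from __future__ import annotations

import binascii

# Public DarkComet 5.x RC4 key prefix; the operator's password is appended.
# The password used in this example (empty) is an assumption.
DC_KEY_PREFIX = "#KCMDDC51#-890"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: encryption and decryption are the same call."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def darkcomet_key(password: str = "") -> bytes:
    """Key material as DarkComet builds it: fixed prefix followed by the password."""
    return (DC_KEY_PREFIX + password).encode("latin-1")


# DarkComet config key -> attribute name shown in the report.
FIELD_MAP = {
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PERSINST": "persistence",
}


def parse_config(plaintext: str) -> dict[str, object]:
    """Parse KEY={value} lines; boolean fields are stored as 0/1, gencode as a string."""
    attrs: dict[str, object] = {}
    for line in plaintext.splitlines():
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        name = FIELD_MAP.get(key.strip())
        if name is None:
            continue  # MUTEX, NETDATA and the rest are not report attributes
        value = value.strip().strip("{}")
        attrs[name] = value if name == "gencode" else value == "1"
    return attrs


def decrypt_config(hex_blob: str, password: str = "") -> dict[str, object]:
    """Hex-encoded RC4 ciphertext -> report-style attribute dictionary."""
    raw = rc4(darkcomet_key(password), binascii.unhexlify(hex_blob))
    return parse_config(raw.decode("latin-1"))


# Constructed configuration, encrypted here so the decryptor has realistic input.
SAMPLE_CONFIG = "GENCODE={example}\nINSTALL={0}\nOFFLINEK={0}\nPERSINST={0}\n"
SAMPLE_BLOB = binascii.hexlify(rc4(darkcomet_key(), SAMPLE_CONFIG.encode())).decode()

if __name__ == "__main__":
    print(decrypt_config(SAMPLE_BLOB))
```

With a real sample the hex blob would come from the DCDATA resource of the unpacked stub, and a non-empty operator password would have to be recovered or brute-forced before the same decryptor applies.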

Targets

    • Target

      2025-07-04_d619b9e85e4a2102d94b2928b0efb9c8_amadey_black-basta_coinminer_darkcomet_elex_hijackloader_luca-stealer_stop

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Detect Neshta payload

    • Neshta

      Neshta is a file-infecting virus: it prepends its own code to other executables so that running them spreads the infection further, and the modified files stay damaged until they are disinfected or replaced.

    • Neshta family

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target browser profile data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread further via attached volumes. Since Windows 7 (and KB971029 on earlier versions) AutoRun from autorun.inf is disabled for non-optical removable media, so the dropped file only propagates on legacy or misconfigured hosts.

    • Drops file in System32 directory
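The signatures above are behavioural, but several of them are named after an artefact that is also visible statically. The Python below is an added example, not the sandbox's ruleset and not code from this report: it scans a byte blob for a handful of such artefacts (ASPack's ".aspack" section name, an autorun.inf header, the Run key path, Chrome's "Login Data" credential store, Neshta's svchost.com drop name and DarkComet's RC4 key prefix), in both ASCII and UTF-16LE, and reports the matching signature names. The sample blob it scans is constructed in the code; real triage would use YARA on the unpacked file, since packed samples hide most of these strings.

```python
# Added example: minimal static string pass that maps artefacts to the report's
# signature names. The indicator list is illustrative; the sample blob is constructed.
from __future__ import annotations

# (needle, signature name as used in the report). Each needle is the public
# artefact the signature is named after, not a rule from the sandbox.
INDICATORS = [
    (b".aspack", "ASPack v2.12-2.42"),                       # ASPack section name
    (b"[autorun]", "Drops autorun.inf file"),                # autorun.inf header
    (b"CurrentVersion\\Run", "Adds Run key to start application"),
    (b"Login Data", "Reads user/profile data of web browsers"),  # Chrome credential DB
    (b"svchost.com", "Neshta"),                              # Neshta drop name in %WINDIR%
    (b"#KCMDDC", "Darkcomet"),                               # DarkComet RC4 key prefix
]


def encodings(needle: bytes) -> list[bytes]:
    """Windows binaries store strings as ASCII or UTF-16LE; search for both forms."""
    return [needle, needle.decode("ascii").encode("utf-16-le")]


def is_pe(data: bytes) -> bool:
    """Cheap PE check: MZ stub plus a 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def scan(data: bytes) -> list[str]:
    """Return the signature names whose artefact appears in the blob, in list order."""
    hits = []
    for needle, name in INDICATORS:
        if any(form in data for form in encodings(needle)):
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed blob: a fake PE shell (e_lfanew = 0x80) carrying some indicators."""
    header = bytearray(b"MZ" + b"\0" * 0x3A + (0x80).to_bytes(4, "little"))
    header += b"\0" * (0x80 - len(header)) + b"PE\0\0"
    body = (
        b".aspack\0.adata\0"
        + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
        + b"[autorun]\r\nopen=update.exe\r\n"
        + b"#KCMDDC51#-890"
    )
    return bytes(header) + body


if __name__ == "__main__":
    blob = build_sample()
    print("PE:", is_pe(blob))
    for name in scan(blob):
        print("  -", name)
```

The Run key path in the constructed blob is stored only as UTF-16LE, which is why the scanner tries both encodings; a single-encoding grep would miss it.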

MITRE ATT&CK Enterprise v16

Tasks