General
-
Target
5fa2570e3641c4048abd79604c149951ca69077787ce3e86d9a4798efe2fc4ef
-
Size
1.1MB
-
Sample
220731-mgyyfabfd6
-
MD5
051f250fd72cdbdc953e3c4d836cb514
-
SHA1
44d427d84c48cc3fd86d887150f0bbe732cae430
-
SHA256
5fa2570e3641c4048abd79604c149951ca69077787ce3e86d9a4798efe2fc4ef
-
SHA512
6c6901b0c34a0aac6f2a9022545385bfd235c1337f01758dc7a084da2305f805383334544b18cdba1c2bc7a732cddc4a1cfcf58cb9f2d4549e7a4e6b1ec0134a
Malware Config
Extracted
darkcomet
n19
e44.no-ip.biz:1337
DC_MUTEX-BTMHVCZ
-
gencode
b79tyFR0J2jW
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
5fa2570e3641c4048abd79604c149951ca69077787ce3e86d9a4798efe2fc4ef
-
Size
1.1MB
-
MD5
051f250fd72cdbdc953e3c4d836cb514
-
SHA1
44d427d84c48cc3fd86d887150f0bbe732cae430
-
SHA256
5fa2570e3641c4048abd79604c149951ca69077787ce3e86d9a4798efe2fc4ef
-
SHA512
6c6901b0c34a0aac6f2a9022545385bfd235c1337f01758dc7a084da2305f805383334544b18cdba1c2bc7a732cddc4a1cfcf58cb9f2d4549e7a4e6b1ec0134a
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies firewall policy service
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-