General
-
Target
afa9995e84e0b5c5fba66b6038b6feb45ded7d807e6b55fd84f0f9303c29a706
-
Size
796KB
-
Sample
221001-28effacfgp
-
MD5
6534e848ca264321e6c4d956678179a4
-
SHA1
600cf511423442a5be1dd170438277c5f8575301
-
SHA256
afa9995e84e0b5c5fba66b6038b6feb45ded7d807e6b55fd84f0f9303c29a706
-
SHA512
87532af0711ce2dcaf7765b635a17322ae6af11448cb422e648df49941184a9bbff49beb995c594e620b6ede570afda9f5ab3ae84a453da560acb77c0cc001bc
-
SSDEEP
24576:9T6pyJfnwuKuwq4IaUSDFHCtG37VAt9qTe5YEhwCEc:9Gp0z5jSDFHC3toTe57wCEc
Malware Config
Extracted
darkcomet
Guest16
faqstank.no-ip.biz:1604
DC_MUTEX-BL1A8HM
-
gencode
uYo9tkQSNJyE
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
afa9995e84e0b5c5fba66b6038b6feb45ded7d807e6b55fd84f0f9303c29a706
-
Size
796KB
-
MD5
6534e848ca264321e6c4d956678179a4
-
SHA1
600cf511423442a5be1dd170438277c5f8575301
-
SHA256
afa9995e84e0b5c5fba66b6038b6feb45ded7d807e6b55fd84f0f9303c29a706
-
SHA512
87532af0711ce2dcaf7765b635a17322ae6af11448cb422e648df49941184a9bbff49beb995c594e620b6ede570afda9f5ab3ae84a453da560acb77c0cc001bc
-
SSDEEP
24576:9T6pyJfnwuKuwq4IaUSDFHCtG37VAt9qTe5YEhwCEc:9Gp0z5jSDFHC3toTe57wCEc
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-