General
-
Target
dd009100b372334421a57869168791149e20faa009d87c75f47bee2b36b8259d
-
Size
1.4MB
-
Sample
221001-z94qlsgbh6
-
MD5
6267c4f465815533a4601d453afeba3e
-
SHA1
3355d85fc23e061180957a656ca855bfad1d640b
-
SHA256
dd009100b372334421a57869168791149e20faa009d87c75f47bee2b36b8259d
-
SHA512
88d392178cfee398c9ba1ab5ae9be13e98b84fee645ff2cc1b7f72bd518843c7d9f290514444cd31a9a4a47b0406778355255b7b59532932df3ac123db8f54c3
-
SSDEEP
24576:URmJkcoQricOIQxiZY1ia9ND/vy9VSzi9x69vjmXHd3GV6OpVx4FTZ:xJZoQrbTFZY1ia/DH0+COvjmN38u
Malware Config
Extracted
darkcomet
Guest16
wawa0109.no-ip.biz:1604
DC_MUTEX-708SGZ5
-
gencode
RMggQFB85ptt
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
dd009100b372334421a57869168791149e20faa009d87c75f47bee2b36b8259d
-
Size
1.4MB
-
MD5
6267c4f465815533a4601d453afeba3e
-
SHA1
3355d85fc23e061180957a656ca855bfad1d640b
-
SHA256
dd009100b372334421a57869168791149e20faa009d87c75f47bee2b36b8259d
-
SHA512
88d392178cfee398c9ba1ab5ae9be13e98b84fee645ff2cc1b7f72bd518843c7d9f290514444cd31a9a4a47b0406778355255b7b59532932df3ac123db8f54c3
-
SSDEEP
24576:URmJkcoQricOIQxiZY1ia9ND/vy9VSzi9x69vjmXHd3GV6OpVx4FTZ:xJZoQrbTFZY1ia/DH0+COvjmN38u
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-