General
-
Target
0fe7d261b98d1357de63f9515b9b6721934653b2f216bf8036988bd412043ce5
-
Size
4.1MB
-
Sample
221003-bz74aaage8
-
MD5
77ae5badde10b94459a0981aead0fe98
-
SHA1
10c8b41d7df65c522ae80421a7305ec14b208cb0
-
SHA256
0fe7d261b98d1357de63f9515b9b6721934653b2f216bf8036988bd412043ce5
-
SHA512
804b941e7f441604279ed6120a60294e7cd649603f7ed92aced9fb86b078f879942f759b33fccf34b6693e106cb22ff7ade39d23a5cdf1a633dc82fcef7c4f84
-
SSDEEP
24576:DHaKjGYyfhTJRm1fsx/PG+QtRL5L3ZQkkh7iQFDT3y5pGV7YtagJN3LYxWiFHX7q:D6GGcaO+g5L3uHXFDTdU30re1v
Malware Config
Extracted
darkcomet
myone
javascript.myvnc.com:200
DC_MUTEX-Z74GC1R
-
gencode
vj8Hr7qiFqBu
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
0fe7d261b98d1357de63f9515b9b6721934653b2f216bf8036988bd412043ce5
-
Size
4.1MB
-
MD5
77ae5badde10b94459a0981aead0fe98
-
SHA1
10c8b41d7df65c522ae80421a7305ec14b208cb0
-
SHA256
0fe7d261b98d1357de63f9515b9b6721934653b2f216bf8036988bd412043ce5
-
SHA512
804b941e7f441604279ed6120a60294e7cd649603f7ed92aced9fb86b078f879942f759b33fccf34b6693e106cb22ff7ade39d23a5cdf1a633dc82fcef7c4f84
-
SSDEEP
24576:DHaKjGYyfhTJRm1fsx/PG+QtRL5L3ZQkkh7iQFDT3y5pGV7YtagJN3LYxWiFHX7q:D6GGcaO+g5L3uHXFDTdU30re1v
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-