General
-
Target
f3115fa081a1088e6b33272e3ac048508063cd07b8b28a0cf4f68aff9e0fdc87
-
Size
713KB
-
Sample
221003-tlxdqsebd7
-
MD5
52d69bc80f8e6403d06f076eb5494d60
-
SHA1
03243f11aae0efb72fdaddac057f1742024bac4a
-
SHA256
f3115fa081a1088e6b33272e3ac048508063cd07b8b28a0cf4f68aff9e0fdc87
-
SHA512
66cf61d79c1367ef913aeacc5ef315587532172660be9ca9630a2955009c1a98ad766b66b6b1830783d85c3a9feac860a4b71a3b029a6cf0340f7ec3800b4c3e
-
SSDEEP
12288:9QtMi9ynsxUbvoQZCfVPsB9teP6jy8ZpGp4/0yxlnC:GtMmBQZC6B7EMc4Myx1C
Malware Config
Extracted
darkcomet
Guest16
funnystuff.no-ip.org:1604
DC_MUTEX-SPEJPPK
-
gencode
gkeM6ur9Hhsi
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
f3115fa081a1088e6b33272e3ac048508063cd07b8b28a0cf4f68aff9e0fdc87
-
Size
713KB
-
MD5
52d69bc80f8e6403d06f076eb5494d60
-
SHA1
03243f11aae0efb72fdaddac057f1742024bac4a
-
SHA256
f3115fa081a1088e6b33272e3ac048508063cd07b8b28a0cf4f68aff9e0fdc87
-
SHA512
66cf61d79c1367ef913aeacc5ef315587532172660be9ca9630a2955009c1a98ad766b66b6b1830783d85c3a9feac860a4b71a3b029a6cf0340f7ec3800b4c3e
-
SSDEEP
12288:9QtMi9ynsxUbvoQZCfVPsB9teP6jy8ZpGp4/0yxlnC:GtMmBQZC6B7EMc4Myx1C
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-