General
-
Target
6197e1b3e0038df088b40ecbea0380ae5e42ca063e9bc3cf81fa95c6c0f108ca
-
Size
368KB
-
Sample
221011-cnp9rsagaj
-
MD5
5c109a6ece229206d8799e085f1fa800
-
SHA1
11e989bf37a8baa371501074a8453850fa9d3295
-
SHA256
6197e1b3e0038df088b40ecbea0380ae5e42ca063e9bc3cf81fa95c6c0f108ca
-
SHA512
1a66896aef4a0bed3af21813844b5ef16df72258f94a7cb9246b1c70eb93dcfb18522d234150206ebdea4cdd5d2595a78b76b7466a57b80d6bccbbb2cb22791b
-
SSDEEP
6144:M/vIGrI0G/YTI4MYLYR1JwGXTpSEx6aLTLH/fpABgGJVeIks:LGrI0IlyYBwGDphTLTLffnGuI
Malware Config
Extracted
darkcomet
vic
mos.changeip.org:19696
dc52+
-
gencode
wy2oVn4rxSLo
-
install
false
-
offline_keylogger
false
-
password
15031984
-
persistence
false
Targets
-
-
Target
6197e1b3e0038df088b40ecbea0380ae5e42ca063e9bc3cf81fa95c6c0f108ca
-
Size
368KB
-
MD5
5c109a6ece229206d8799e085f1fa800
-
SHA1
11e989bf37a8baa371501074a8453850fa9d3295
-
SHA256
6197e1b3e0038df088b40ecbea0380ae5e42ca063e9bc3cf81fa95c6c0f108ca
-
SHA512
1a66896aef4a0bed3af21813844b5ef16df72258f94a7cb9246b1c70eb93dcfb18522d234150206ebdea4cdd5d2595a78b76b7466a57b80d6bccbbb2cb22791b
-
SSDEEP
6144:M/vIGrI0G/YTI4MYLYR1JwGXTpSEx6aLTLH/fpABgGJVeIks:LGrI0IlyYBwGDphTLTLffnGuI
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-