General
-
Target
8f1fb8b85fb5b2c5398c7061661d0cada9dea27004c7ca4152b67d8af39dcec2
-
Size
875KB
-
Sample
221014-jeyywadfh7
-
MD5
6ac1919b323d4d6ec6d7274410abe330
-
SHA1
a9fe775a162462cd8ef83e6d9a2765768e432f01
-
SHA256
8f1fb8b85fb5b2c5398c7061661d0cada9dea27004c7ca4152b67d8af39dcec2
-
SHA512
95c2ace0622a4182ec5d453a324841e0b6cc54470d03f5da77907f0782f6e9890ae085fbfa651b8c1c941cad23423469df2e18e5696a188e1146cb2808feed6f
-
SSDEEP
12288:dr5i38VeUbBiWuqHefYKBlhAF7ghw48XcCmsGKV3ox+4+gVM2FykVo39/399u0DP:C3kF3CYKBl8ghw4UcqGKV3oj+Y6t/t
Malware Config
Extracted
darkcomet
Victima
mala-87.no-ip.org:1604
DC_MUTEX-3MAFGMY
-
gencode
8Z1er2KVl9bV
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
8f1fb8b85fb5b2c5398c7061661d0cada9dea27004c7ca4152b67d8af39dcec2
-
Size
875KB
-
MD5
6ac1919b323d4d6ec6d7274410abe330
-
SHA1
a9fe775a162462cd8ef83e6d9a2765768e432f01
-
SHA256
8f1fb8b85fb5b2c5398c7061661d0cada9dea27004c7ca4152b67d8af39dcec2
-
SHA512
95c2ace0622a4182ec5d453a324841e0b6cc54470d03f5da77907f0782f6e9890ae085fbfa651b8c1c941cad23423469df2e18e5696a188e1146cb2808feed6f
-
SSDEEP
12288:dr5i38VeUbBiWuqHefYKBlhAF7ghw48XcCmsGKV3ox+4+gVM2FykVo39/399u0DP:C3kF3CYKBl8ghw4UcqGKV3oj+Y6t/t
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-