General
-
Target
9001b9be0ba1c2f5d725b4fac065f7df1063f679de0456e0c7b62bb7ffa01565
-
Size
1.2MB
-
Sample
221029-dd779saacp
-
MD5
da8dd1c26402c6f57ae07224c101ff47
-
SHA1
98707f186ee8a4f84aaf47bd7a6ba31ada455489
-
SHA256
9001b9be0ba1c2f5d725b4fac065f7df1063f679de0456e0c7b62bb7ffa01565
-
SHA512
915cf43fbdeca9a782ab7b88b60e1c1a74a50c35207f359e8ed7efc9dd0fb490df66a4cc47a58ca505e4ae8adf384bac3541b7c7673d86aab947817b1e94d6bd
-
SSDEEP
24576:gcNakl+b0mv2Fp7k6zj/2nX6WHgZ7thfj:NNakl3Fp7/zKX5A9thr
Malware Config
Extracted
darkcomet
Main
dizzy42089.zapto.org:1604
DC_MUTEX-TP56YVC
-
gencode
k69ex9208hbM
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
9001b9be0ba1c2f5d725b4fac065f7df1063f679de0456e0c7b62bb7ffa01565
-
Size
1.2MB
-
MD5
da8dd1c26402c6f57ae07224c101ff47
-
SHA1
98707f186ee8a4f84aaf47bd7a6ba31ada455489
-
SHA256
9001b9be0ba1c2f5d725b4fac065f7df1063f679de0456e0c7b62bb7ffa01565
-
SHA512
915cf43fbdeca9a782ab7b88b60e1c1a74a50c35207f359e8ed7efc9dd0fb490df66a4cc47a58ca505e4ae8adf384bac3541b7c7673d86aab947817b1e94d6bd
-
SSDEEP
24576:gcNakl+b0mv2Fp7k6zj/2nX6WHgZ7thfj:NNakl3Fp7/zKX5A9thr
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-