General
-
Target
6873a1ba479130c31835ed9461a22c8ca8d492996a280bae159e9b6c58ae9ca1
-
Size
1.5MB
-
Sample
221122-ycff3seg57
-
MD5
0cd3ad65fdfee0772033e4a378e0a2ac
-
SHA1
d5bdeddaff767df27058818a8ecceb78d8cb7f78
-
SHA256
6873a1ba479130c31835ed9461a22c8ca8d492996a280bae159e9b6c58ae9ca1
-
SHA512
52043ca6eafafe8c87cb6bcb2137603b0ab090b36ab6bd8778bb07fcf22d92e39702ead3529562eb92dc099cb9f67aa5363ea73871805892eaac7046bc27c388
-
SSDEEP
24576:VAYRArjo1Zl3+Y0YqE3zOXuUlfV0DYZ+QIFSf5KltElpOZjvL7f:VAYuYfYxiS+urWE
Malware Config
Extracted
darkcomet
test1
bukason.ddns.net:10001
DCMIN_MUTEX-9LB9RZA
-
gencode
SUKS4YhPyzjm
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
6873a1ba479130c31835ed9461a22c8ca8d492996a280bae159e9b6c58ae9ca1
-
Size
1.5MB
-
MD5
0cd3ad65fdfee0772033e4a378e0a2ac
-
SHA1
d5bdeddaff767df27058818a8ecceb78d8cb7f78
-
SHA256
6873a1ba479130c31835ed9461a22c8ca8d492996a280bae159e9b6c58ae9ca1
-
SHA512
52043ca6eafafe8c87cb6bcb2137603b0ab090b36ab6bd8778bb07fcf22d92e39702ead3529562eb92dc099cb9f67aa5363ea73871805892eaac7046bc27c388
-
SSDEEP
24576:VAYRArjo1Zl3+Y0YqE3zOXuUlfV0DYZ+QIFSf5KltElpOZjvL7f:VAYuYfYxiS+urWE
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-