General
-
Target
e0393eec2118a86eaf876af49713b0db01c630f508746b120710f47eee9d01a0
-
Size
838KB
-
Sample
221123-p42nysga7t
-
MD5
e841d33eab17862cc4c8dc350728a13d
-
SHA1
50c2ddae9ac3c122d6d71d6c79ea9d97c1008182
-
SHA256
e0393eec2118a86eaf876af49713b0db01c630f508746b120710f47eee9d01a0
-
SHA512
f2b5b4f676cd463bc2da146befb35306b3e69624b54abc91f37248c2b352de6c9c7240194a85b41434dd63ddd4fc8fe6c3c545713c53a2002921a853ec82a4f9
-
SSDEEP
24576:qUz6ctR5gNykgh/rmjMrfNYx5M8KCu+y5H8J0ffE55:r7D2qu2VYfNwqsg
Malware Config
Extracted
darkcomet
Members
emkadns.uni.me:2121
DCMIN_MUTEX-LBZLRNM
-
gencode
mCrAswFlmnAx
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
e0393eec2118a86eaf876af49713b0db01c630f508746b120710f47eee9d01a0
-
Size
838KB
-
MD5
e841d33eab17862cc4c8dc350728a13d
-
SHA1
50c2ddae9ac3c122d6d71d6c79ea9d97c1008182
-
SHA256
e0393eec2118a86eaf876af49713b0db01c630f508746b120710f47eee9d01a0
-
SHA512
f2b5b4f676cd463bc2da146befb35306b3e69624b54abc91f37248c2b352de6c9c7240194a85b41434dd63ddd4fc8fe6c3c545713c53a2002921a853ec82a4f9
-
SSDEEP
24576:qUz6ctR5gNykgh/rmjMrfNYx5M8KCu+y5H8J0ffE55:r7D2qu2VYfNwqsg
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-