General
Target: dceb61f8153519337f35a04fc46c4aa09945318cf4d0630abb942ac035369479
Size: 1.4MB
Sample: 221123-p6acgsgb6v
MD5: 544f7f5a6d0737a80f746b7a3cb09f40
SHA1: 69c2ded66b5b8754f16fdcf47ce98f8921644e52
SHA256: dceb61f8153519337f35a04fc46c4aa09945318cf4d0630abb942ac035369479
SHA512: a8e96e06aff26f60deda7a946f0ee36159a9ec89eda0f77fbc7d5f6c01beacdae587bbd56a8f33290a1a16ed7b3b10d5a38a6cabeb4be7c2e3d21eae43204d2b
SSDEEP: 24576:3qu7gwCeYC5o1M8gh6hvNKk7mxQbKau5IHvpwppQr2ie6XWC0hhoK:3RmJ6tv3xOi0qgBl50hho
Static task: static1
Behavioral task: behavioral1
Sample: dceb61f8153519337f35a04fc46c4aa09945318cf4d0630abb942ac035369479.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: dceb61f8153519337f35a04fc46c4aa09945318cf4d0630abb942ac035369479.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: darkcomet
Wrdex
127.0.0.1:1454
larryking.no-ip.biz:1454
DC_MUTEX-7MQCAT1
gencode: ujzd2CCjR7AN
install: false
offline_keylogger: true
persistence: false
Targets
Score: 10/10
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Suspicious use of SetThreadContext