General
-
Target
d925123b49f1202422b46e8d3db2941d96d5c33970aa74a58055f15d644958ca
-
Size
838KB
-
Sample
221123-p7hp9agc41
-
MD5
1eb1d37928ffa971a4c74c965bc9e88e
-
SHA1
d3d3cb7b02d7c2699650b4adb19cd4d41c8cfe45
-
SHA256
d925123b49f1202422b46e8d3db2941d96d5c33970aa74a58055f15d644958ca
-
SHA512
ccd895d36ac7a8136e739b99e78820447a3d739797cdf517cf407642af0ae2511fce3cbfafe461c1e1280f4ac64cb455a4dc78c6f29f06a8c7f6fd8fba514a98
-
SSDEEP
12288:qoxy8TP40QeYKbQ4wgMUMDSH+Mf3vW9RLGAcypv69CiGc1uWxU8p557:qWtTP4a1dMDSHytGvMY/qOUa55
Malware Config
Extracted
darkcomet
Guest16_min
customersservicebx.uni.me:2121
DCMIN_MUTEX-UZ6AB7L
-
gencode
s8XX3Rqr3xKD
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
d925123b49f1202422b46e8d3db2941d96d5c33970aa74a58055f15d644958ca
-
Size
838KB
-
MD5
1eb1d37928ffa971a4c74c965bc9e88e
-
SHA1
d3d3cb7b02d7c2699650b4adb19cd4d41c8cfe45
-
SHA256
d925123b49f1202422b46e8d3db2941d96d5c33970aa74a58055f15d644958ca
-
SHA512
ccd895d36ac7a8136e739b99e78820447a3d739797cdf517cf407642af0ae2511fce3cbfafe461c1e1280f4ac64cb455a4dc78c6f29f06a8c7f6fd8fba514a98
-
SSDEEP
12288:qoxy8TP40QeYKbQ4wgMUMDSH+Mf3vW9RLGAcypv69CiGc1uWxU8p557:qWtTP4a1dMDSHytGvMY/qOUa55
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-