General

Target: add1e6472d8e7694d798eb95aba0bb15105c828c585ae22a173fc0f6b1f0d6bc
Size: 838KB
Sample: 221123-qm8llsed56
MD5: fd9f795b049b201663898b3b840dec32
SHA1: 26b4a2d63443b1ea20afab2bead3da3514f92e35
SHA256: add1e6472d8e7694d798eb95aba0bb15105c828c585ae22a173fc0f6b1f0d6bc
SHA512: df26f973aa106c021e49290e2d949c0e7fea955332838d2f6e8856bde4aa112545413286943d3d9c6a60b16eb5603a693b2a1de103a12608dbb42411c7a9521c
SSDEEP: 12288:exy8TP40QeYKbQ4wgMUMDSH+Mf3vW9RLGAcypv69CiGc1uWxU8Fy:UtTP4a1dMDSHytGvMY/qOU
Static task: static1

Behavioral task: behavioral1
Sample: add1e6472d8e7694d798eb95aba0bb15105c828c585ae22a173fc0f6b1f0d6bc.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: add1e6472d8e7694d798eb95aba0bb15105c828c585ae22a173fc0f6b1f0d6bc.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted family: darkcomet
Campaign ID (SID): Guest16_min
C2: customersservicebx.uni.me:2121
Mutex: DCMIN_MUTEX-UZ6AB7L
gencode: s8XX3Rqr3xKD
install: false
offline_keylogger: true
persistence: false

The C2 is a hostname on port 2121, not a fixed address, so block or alert on the name and resolve it at detection time rather than pinning a single IP. The mutex name is a host-level indicator: a running DarkComet implant holds it, so an open-mutex check on a suspect machine is a cheap confirmation.
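The configuration block above is what a DarkComet decoder recovers from the implant's resource section. As an added example (not code from this report or from the sandbox vendor), the script below decodes a DarkComet-style config blob and maps the raw field names to the labels used on this page. It rests on facts from public DarkComet decoders, not on this page: the config is stored in an RT_RCDATA resource named DCDATA as KEY={HEX} lines, each hex value is RC4 ciphertext, and the RC4 key is a per-version constant such as "#KCMDDC51#-890" (5.1) with the operator's password appended when one is set. The sample resource is constructed here by encrypting the page's own values with the 5.1 key; it is not bytes taken from the real binary. Treating INSTALL, OFFLINEK and PERSINST as "1"/"0" booleans and the field-name mapping are assumptions, as is the helper `persistence_mismatch`, which cross-checks the config against the sandbox signatures.

```python
from binascii import hexlify, unhexlify
from typing import Optional

# Per-version RC4 key constants (from public DarkComet decoders, not this page).
KNOWN_KEYS = [
    "#KCMDDC51#-890",   # DarkComet 5.1
    "#KCMDDC5#-890",    # DarkComet 5.0
    "#KCMDDC42F#-890",  # 4.2F
    "#KCMDDC42#-890",   # 4.2
    "#KCMDDC4#-890",    # 4.x
    "#KCMDDC2#-890",    # 2.x
]
# DCDATA field name -> label used in the report above (assumed mapping).
FIELD_LABELS = {
    "SID": "campaign_id", "NETDATA": "c2", "MUTEX": "mutex", "GENCODE": "gencode",
    "INSTALL": "install", "OFFLINEK": "offline_keylogger", "PERSINST": "persistence",
}
BOOL_FIELDS = {"INSTALL", "OFFLINEK", "PERSINST"}  # stored as "1"/"0" (assumption)


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); symmetric, so it serves both directions."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def build_constructed_dcdata(values: dict, key: str) -> bytes:
    """CONSTRUCTED test input: encrypt plaintext fields into a DCDATA-style block."""
    lines = [f"{name}={{{hexlify(rc4(key.encode(), plain.encode())).decode().upper()}}}"
             for name, plain in values.items()]
    return "\r\n".join(lines).encode()


def decode_dcdata(blob: bytes, password: str = "") -> Optional[dict]:
    """Try each version key (plus optional password) and accept the first one
    that yields printable ASCII for every field. Returns None if none fits."""
    entries = []
    for line in blob.decode("latin-1").splitlines():
        if "=" in line:
            name, value = line.split("=", 1)
            entries.append((name.strip(), unhexlify(value.strip().strip("{}"))))
    if not entries:
        return None
    for base in KNOWN_KEYS:
        key = (base + password).encode()
        plain = {name: rc4(key, ct) for name, ct in entries}
        if all(all(0x20 <= c < 0x7F for c in p) for p in plain.values()):
            cfg = {"rc4_key": base + password}
            for name, p in plain.items():
                text = p.decode()
                cfg[FIELD_LABELS.get(name, name.lower())] = (text == "1") if name in BOOL_FIELDS else text
            return cfg
    return None


def persistence_mismatch(cfg: dict, observed_signatures) -> Optional[str]:
    """Sandbox cross-check: the RAT config disables persistence, yet a Run key
    was written at runtime, so that persistence belongs to the dropper/loader."""
    if cfg.get("persistence") is False and any("Run key" in s for s in observed_signatures):
        return "Run key observed but PERSINST=0: persistence belongs to the loader, collect its IOCs separately"
    return None


# CONSTRUCTED resource built from the values shown in this report.
SAMPLE_DCDATA = build_constructed_dcdata({
    "SID": "Guest16_min",
    "NETDATA": "customersservicebx.uni.me:2121",
    "MUTEX": "DCMIN_MUTEX-UZ6AB7L",
    "GENCODE": "s8XX3Rqr3xKD",
    "INSTALL": "0",
    "OFFLINEK": "1",
    "PERSINST": "0",
}, "#KCMDDC51#-890")

if __name__ == "__main__":
    cfg = decode_dcdata(SAMPLE_DCDATA)
    for k, v in cfg.items():
        print(f"{k:18} {v}")
    print(persistence_mismatch(cfg, ["Adds Run key to start application"]))
```

On a real sample, read the DCDATA resource from the PE (for example with pefile) and pass its bytes to `decode_dcdata`; if every version key fails, the operator set a password and `password=` must be supplied, since the key is the version constant plus that password.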
Targets

Target: add1e6472d8e7694d798eb95aba0bb15105c828c585ae22a173fc0f6b1f0d6bc (838KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Behavioral signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext

Two things to reconcile before writing detections. First, the extracted DarkComet config has install=false and persistence=false, yet the sandbox saw a dropped EXE and DLL executed and a Run key added; the persistence therefore most likely belongs to the stage that unpacks and launches the RAT, not to DarkComet's own settings, so hunt for the loader's Run key as well as the RAT's mutex and C2. Second, SetThreadContext together with a spawned compiler process is the usual pattern of a loader hollowing a legitimate process to host its payload; memory of that child process, not only the dropped files, is where the DarkComet payload should be expected. Both are interpretations of the signatures above, not facts the report states.