General
Target: a9706aea613642cf8d0952630dbbe7f069b95fe645f15b8de6a99133a7d44335
Size: 681KB
Sample: 221123-qp2wvahe5z
MD5: 1c25c3b85cc106b7a1c039dadda42369
SHA1: 8664642f01af351ea20b455b21b34dfdf4f78bdc
SHA256: a9706aea613642cf8d0952630dbbe7f069b95fe645f15b8de6a99133a7d44335
SHA512: 69a64c3a6fc72d121428a0142a6219ff500fc00ddf04f557ce786dfd018a182ed5091105fb5a70ddd79c03d8d6977deece4926874f57f925b1f62fe0a8bb8331
SSDEEP: 12288:4Od2CUD1rXTtpVdyCThFrvmwbfs/pMD+kioCmlNYwmCV8r/UBDqJru2B+Wgar:4m2CghdyEhBv3ipMD+1oJN5VWJrzT
Static task: static1
Behavioral task: behavioral1
  Sample: a9706aea613642cf8d0952630dbbe7f069b95fe645f15b8de6a99133a7d44335.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: a9706aea613642cf8d0952630dbbe7f069b95fe645f15b8de6a99133a7d44335.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: darkcomet
  Guest16_min
  dcratted.duckdns.org:3080
  DCMIN_MUTEX-G22C7RQ
  gencode: FFUwUJHhLVPu
  install: false
  offline_keylogger: true
  persistence: false
Targets
Target: a9706aea613642cf8d0952630dbbe7f069b95fe645f15b8de6a99133a7d44335
Size: 681KB
MD5: 1c25c3b85cc106b7a1c039dadda42369
SHA1: 8664642f01af351ea20b455b21b34dfdf4f78bdc
SHA256: a9706aea613642cf8d0952630dbbe7f069b95fe645f15b8de6a99133a7d44335
SHA512: 69a64c3a6fc72d121428a0142a6219ff500fc00ddf04f557ce786dfd018a182ed5091105fb5a70ddd79c03d8d6977deece4926874f57f925b1f62fe0a8bb8331
SSDEEP: 12288:4Od2CUD1rXTtpVdyCThFrvmwbfs/pMD+kioCmlNYwmCV8r/UBDqJru2B+Wgar:4m2CghdyEhBv3ipMD+1oJN5VWJrzT
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext