General
- Target: 2702fe34d53dde360af4c114c0ad0d458b2c9ae9500c42c8354d8e57edce74a2
- Size: 452KB
- Sample: 221123-r4nhfadc8y
- MD5: 7de9787876d0ecb71648f25bd1e5fc51
- SHA1: 2bc2b1a2977b64eb22d069941a45abfe04d44622
- SHA256: 2702fe34d53dde360af4c114c0ad0d458b2c9ae9500c42c8354d8e57edce74a2
- SHA512: 347a214a9cfbbd799e1a0f11568959884909d9dbd9bafd8302859af9ab7c5a2bb5328a1f28260b1839f1dd6952197e02bd75cd5a09dec4026181857d8b2b4bc9
- SSDEEP: 12288:6M5tnmfeuL8U3yoWwYLtfCgaNiAY8lIkd+:6M5p2nL8A8wYLgFNfj
Static task: static1
Behavioral task: behavioral1
- Sample: 2702fe34d53dde360af4c114c0ad0d458b2c9ae9500c42c8354d8e57edce74a2.exe
- Resource: win7-20220812-en
Malware Config
Extracted: darkcomet
- Botnet: suretey
- C2: kaspanet.jed-group.com:1660
- Mutex: DC_MUTEX-DW9F7R5
- gencode: gagSQD1wwynQ
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: 2702fe34d53dde360af4c114c0ad0d458b2c9ae9500c42c8354d8e57edce74a2 (size and hashes identical to those listed under General)
- Modifies WinLogon for persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext