General
-
Target
39b3577f623fbfd5b84250da4b9233df05787582f210acffcc3058515e0cd1cd
-
Size
1.2MB
-
Sample
221123-rxgfjshg26
-
MD5
9fc38321f1909639ad798581695a4356
-
SHA1
1909410463a9e964dd2053c36ac8d90e8bc515b5
-
SHA256
39b3577f623fbfd5b84250da4b9233df05787582f210acffcc3058515e0cd1cd
-
SHA512
1022d56042dc083d14fdf89314fab7b36f63798a3c818dae9caded437d4e19350f66d612c296e545037cd71ca32594b1da54b4f4b769e7957e0180f5d6e7abc0
-
SSDEEP
24576:0FJlc+Eeep4XeQs1HoITBZVYW1yvIjls+54RTGEKFEVlvsfAvbIL+LHLRVe:amdYoHo4ZVYW8vIq+5YGil88Ve
Malware Config
Extracted
darkcomet
UNKNOWN
abdulzokhan.no-ip.org:2323
DC_MUTEX-UP6NB9G
-
InstallPath
NokiaOviSuite.exe
-
gencode
qEy8YaRgYauv
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
NokiaOviSuite
Targets
-
-
Target
39b3577f623fbfd5b84250da4b9233df05787582f210acffcc3058515e0cd1cd
-
Size
1.2MB
-
MD5
9fc38321f1909639ad798581695a4356
-
SHA1
1909410463a9e964dd2053c36ac8d90e8bc515b5
-
SHA256
39b3577f623fbfd5b84250da4b9233df05787582f210acffcc3058515e0cd1cd
-
SHA512
1022d56042dc083d14fdf89314fab7b36f63798a3c818dae9caded437d4e19350f66d612c296e545037cd71ca32594b1da54b4f4b769e7957e0180f5d6e7abc0
-
SSDEEP
24576:0FJlc+Eeep4XeQs1HoITBZVYW1yvIjls+54RTGEKFEVlvsfAvbIL+LHLRVe:amdYoHo4ZVYW8vIq+5YGil88Ve
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-