General
-
Target
9d1dc55007a7468a9fdb6263681fd7426d192a3d29515bc031149ad2166560ef
-
Size
752KB
-
Sample
221123-s61q8adb85
-
MD5
c6b4e7633ed37e2ce5b905564f81c57d
-
SHA1
733dd212f469dc646f68cd4c0aa7d77ceade2ec2
-
SHA256
9d1dc55007a7468a9fdb6263681fd7426d192a3d29515bc031149ad2166560ef
-
SHA512
6259f10d960ca0a08160ee997d05e28679268e05174a0f575cb98500109783ee2553d37d2c28af54e23cc1c394c8b98d403af77ea8f05f0fcec0315a0f1361b7
-
SSDEEP
12288:bMES5WaXKtg5gAFo4hd3cgBRIKjpTKh5Or2thYXgO03zfbR:bMPfKybFxJMATKh5LthygO03Tt
Malware Config
Extracted
darkcomet
Guest16_min
stereohacks.ddns.net:1604
DCMIN_MUTEX-5Y95VAZ
-
gencode
w0dv9t4j5rYt
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
9d1dc55007a7468a9fdb6263681fd7426d192a3d29515bc031149ad2166560ef
-
Size
752KB
-
MD5
c6b4e7633ed37e2ce5b905564f81c57d
-
SHA1
733dd212f469dc646f68cd4c0aa7d77ceade2ec2
-
SHA256
9d1dc55007a7468a9fdb6263681fd7426d192a3d29515bc031149ad2166560ef
-
SHA512
6259f10d960ca0a08160ee997d05e28679268e05174a0f575cb98500109783ee2553d37d2c28af54e23cc1c394c8b98d403af77ea8f05f0fcec0315a0f1361b7
-
SSDEEP
12288:bMES5WaXKtg5gAFo4hd3cgBRIKjpTKh5Or2thYXgO03zfbR:bMPfKybFxJMATKh5LthygO03Tt
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-