General
-
Target
e2d8e1808e5ee515d30b8a88a8141f422505f4a8f4adfe9fd546fddf0de893db
-
Size
503KB
-
Sample
221123-s644msdb92
-
MD5
0d2092c561a5d13999a1eb567e9f55f4
-
SHA1
0fc352cb69b361aa9bd0e21f79835bbea6acb611
-
SHA256
e2d8e1808e5ee515d30b8a88a8141f422505f4a8f4adfe9fd546fddf0de893db
-
SHA512
36c7d49ec7ab85561385ef7b360c4e971aa1335c545ce557254963485373a146023ec06d75003cfb50bf5c54aed81728a48a313860edbafe301d3cd41cd63647
-
SSDEEP
12288:DrrulTXRTvTeQpVR48PYyfumA5nCuSWQotT48uHZGsF:/r6TBTvNrRsWWnCuyoDu5GsF
Malware Config
Extracted
darkcomet
19/7
spotcrabs.twilightparadox.com:1500
DC_MUTEX-HEZHVLE
-
gencode
deGNxbQZUbYS
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
e2d8e1808e5ee515d30b8a88a8141f422505f4a8f4adfe9fd546fddf0de893db
-
Size
503KB
-
MD5
0d2092c561a5d13999a1eb567e9f55f4
-
SHA1
0fc352cb69b361aa9bd0e21f79835bbea6acb611
-
SHA256
e2d8e1808e5ee515d30b8a88a8141f422505f4a8f4adfe9fd546fddf0de893db
-
SHA512
36c7d49ec7ab85561385ef7b360c4e971aa1335c545ce557254963485373a146023ec06d75003cfb50bf5c54aed81728a48a313860edbafe301d3cd41cd63647
-
SSDEEP
12288:DrrulTXRTvTeQpVR48PYyfumA5nCuSWQotT48uHZGsF:/r6TBTvNrRsWWnCuyoDu5GsF
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-