General
-
Target
13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed
-
Size
1.4MB
-
Sample
221123-s65p6sdb94
-
MD5
cc010a9788fb94a30ffc7e7ce3572c74
-
SHA1
ef63edaecff71c8ca3aa3f3be5ceb1a18bd38672
-
SHA256
13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed
-
SHA512
fcbcc4efd16561411349e55e3461064ac642910053ecd30459cb4bc27895b3736616fd57600f82343a0597a62a002fcd68c6b77336954f104324b05e3f623fc3
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaHfPFt+j/KIprM8KJGVG18XRjypuVPAZNbz:7JZoQrbTFZY1iaHfttw/RMNkWOR+AVPO
Malware Config
Extracted
darkcomet
Sept
daynasmithx.ddns.net:100
DCMIN_MUTEX-HFVU8P5
-
gencode
cehBMBEe408f
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed
-
Size
1.4MB
-
MD5
cc010a9788fb94a30ffc7e7ce3572c74
-
SHA1
ef63edaecff71c8ca3aa3f3be5ceb1a18bd38672
-
SHA256
13509a38f18f8e07c11982a59642d90cd55d910482b8bab753949231211933ed
-
SHA512
fcbcc4efd16561411349e55e3461064ac642910053ecd30459cb4bc27895b3736616fd57600f82343a0597a62a002fcd68c6b77336954f104324b05e3f623fc3
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaHfPFt+j/KIprM8KJGVG18XRjypuVPAZNbz:7JZoQrbTFZY1iaHfttw/RMNkWOR+AVPO
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-