General
Target: 93a08e0a2a62a6e2422a0f05d578727254f42bed9a5eed8bf9b2e558dda81eab
Size: 1.1MB
Sample: 221123-s7ha9sdc33
MD5: d1fceb90478d54b87b35727a97cd0cc2
SHA1: 09f8ddc6065f6850fa493a7b524075dffa34dd28
SHA256: 93a08e0a2a62a6e2422a0f05d578727254f42bed9a5eed8bf9b2e558dda81eab
SHA512: d6a6b524ee4c085370bfb668ae1786f8ddc0e81f69a9af4288f48b955904e961b8fbb0a421ccb4c8aa7f6329574fa8919fe984c43acb432caf04b86a01a3a209
SSDEEP: 24576:MzJbMXSnCk10qYQW4Hcocwrv3QuYVp1zCyY:UbMXSnCk1oQjHcocwbQXC
Static task: static1
Behavioral task: behavioral1
  Sample: 93a08e0a2a62a6e2422a0f05d578727254f42bed9a5eed8bf9b2e558dda81eab.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 93a08e0a2a62a6e2422a0f05d578727254f42bed9a5eed8bf9b2e558dda81eab.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted family: darkcomet
  Guest16_min
  dcratted.duckdns.org:3080
  DCMIN_MUTEX-G22C7RQ
  gencode: FFUwUJHhLVPu
  install: false
  offline_keylogger: true
  persistence: false
Targets
Target: 93a08e0a2a62a6e2422a0f05d578727254f42bed9a5eed8bf9b2e558dda81eab
Size: 1.1MB
MD5: d1fceb90478d54b87b35727a97cd0cc2
SHA1: 09f8ddc6065f6850fa493a7b524075dffa34dd28
SHA256: 93a08e0a2a62a6e2422a0f05d578727254f42bed9a5eed8bf9b2e558dda81eab
SHA512: d6a6b524ee4c085370bfb668ae1786f8ddc0e81f69a9af4288f48b955904e961b8fbb0a421ccb4c8aa7f6329574fa8919fe984c43acb432caf04b86a01a3a209
SSDEEP: 24576:MzJbMXSnCk10qYQW4Hcocwrv3QuYVp1zCyY:UbMXSnCk1oQjHcocwbQXC
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext