General
  Target: e41249db77da1975a5c65df90b0cdcfa1c8d2e63b1cb8d1fa86f33ea346ddd20
  Size: 380KB
  Sample: 221123-s7kfmagc61
  MD5: 2f12cb09c18adaae10e7defe7bd6c110
  SHA1: bf40872312fe4bcdf95583cfc133e9029a8c9b50
  SHA256: e41249db77da1975a5c65df90b0cdcfa1c8d2e63b1cb8d1fa86f33ea346ddd20
  SHA512: 5b63b30ecb0e756734821577cacb3c4c71d03d9b3535867f71341679476efaf947f82fb9802aa52a249c993e71d7cf7ca2f0e494bc96b7040e48d98eaf02e78e
  SSDEEP: 6144:Y3fHpf13AoeXH77p4h6U0FjKNUkg0xJEv84l1UWmagoZ+7kaVpv1a3Wse+O0b4i6:YPHZ134Xb73Og0ATX/JgoZUNse+lbG
Tasks
  Static task: static1
  Behavioral task: behavioral1
    Sample: e41249db77da1975a5c65df90b0cdcfa1c8d2e63b1cb8d1fa86f33ea346ddd20.exe
    Resource: win7-20221111-en
  Behavioral task: behavioral2
    Sample: e41249db77da1975a5c65df90b0cdcfa1c8d2e63b1cb8d1fa86f33ea346ddd20.exe
    Resource: win10v2004-20221111-en
Malware Config
  Extracted: darkcomet
    Botnet: Guest16_min
    C2: dcratted.duckdns.org:3080
    Mutex: DCMIN_MUTEX-G22C7RQ
    gencode: FFUwUJHhLVPu
    install: false
    offline_keylogger: true
    persistence: false
Targets
  Target: e41249db77da1975a5c65df90b0cdcfa1c8d2e63b1cb8d1fa86f33ea346ddd20
    Size: 380KB
    MD5: 2f12cb09c18adaae10e7defe7bd6c110
    SHA1: bf40872312fe4bcdf95583cfc133e9029a8c9b50
    SHA256: e41249db77da1975a5c65df90b0cdcfa1c8d2e63b1cb8d1fa86f33ea346ddd20
    SHA512: 5b63b30ecb0e756734821577cacb3c4c71d03d9b3535867f71341679476efaf947f82fb9802aa52a249c993e71d7cf7ca2f0e494bc96b7040e48d98eaf02e78e
    SSDEEP: 6144:Y3fHpf13AoeXH77p4h6U0FjKNUkg0xJEv84l1UWmagoZ+7kaVpv1a3Wse+O0b4i6:YPHZ134Xb73Og0ATX/JgoZUNse+lbG
    Score: 10/10
    Signatures:
      Uses the VBS compiler for execution
      Adds Run key to start application
      Suspicious use of SetThreadContext