General
-
Target
ba1f6dc837b47e003a75a37be4e81513fb8e243e26dd7eb69dad97d0d824b15f
-
Size
876KB
-
Sample
221123-s7lnpadc35
-
MD5
dcf56d03e27017d03c0f96655dc45952
-
SHA1
a6acfa6ebbb2bd887671e7dc4dfbb9196523963a
-
SHA256
ba1f6dc837b47e003a75a37be4e81513fb8e243e26dd7eb69dad97d0d824b15f
-
SHA512
80de48a3c867f14a51ead8eb58227170d4cac30ac5deb13084e3ae97f050e9523f1e14e68bf42738f4afd491ef44fae3b0e61b40f7b819240b869cf98aa7bdad
-
SSDEEP
24576:9rStb/YeOOIL1E4zNWupEMhrAVv6gb0RbfJATi:BibweOOsJzNtOmrAqYi
Malware Config
Extracted
darkcomet
Guest16_min
uwatm8.mooo.com:1406
DCMIN_MUTEX-GJU6XBF
-
gencode
Uq8AC9lgJGZA
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
ba1f6dc837b47e003a75a37be4e81513fb8e243e26dd7eb69dad97d0d824b15f
-
Size
876KB
-
MD5
dcf56d03e27017d03c0f96655dc45952
-
SHA1
a6acfa6ebbb2bd887671e7dc4dfbb9196523963a
-
SHA256
ba1f6dc837b47e003a75a37be4e81513fb8e243e26dd7eb69dad97d0d824b15f
-
SHA512
80de48a3c867f14a51ead8eb58227170d4cac30ac5deb13084e3ae97f050e9523f1e14e68bf42738f4afd491ef44fae3b0e61b40f7b819240b869cf98aa7bdad
-
SSDEEP
24576:9rStb/YeOOIL1E4zNWupEMhrAVv6gb0RbfJATi:BibweOOsJzNtOmrAqYi
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-