General
-
Target
6f997cbcb6524add6f2b0354b710a367d7f7a60402aaeab53e960834ee044f26
-
Size
472KB
-
Sample
221123-sy682ace92
-
MD5
428cb0db369019384072df4432724dde
-
SHA1
5ca8272d0c3946dc665f6f597b016701a2869c04
-
SHA256
6f997cbcb6524add6f2b0354b710a367d7f7a60402aaeab53e960834ee044f26
-
SHA512
af66566cb2ad51a3d57b528a35481daf20d0ccaad672b01a20fa1ee8ffdd4b722101b0e2f340cf8d4801d3b2b309909b249f84c7a090c1fe2d81e38339809c4f
-
SSDEEP
12288:EY3F7cDylczfadxLU6OoNUuyQzX16cKHD8A55:EM7cDyliSPbN1ym16cEDv55
Malware Config
Extracted
darkcomet
vikky
vikky44.no-ip.biz:1604
DC_MUTEX-D968R22
-
gencode
nPNl4dCBT8Dq
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
6f997cbcb6524add6f2b0354b710a367d7f7a60402aaeab53e960834ee044f26
-
Size
472KB
-
MD5
428cb0db369019384072df4432724dde
-
SHA1
5ca8272d0c3946dc665f6f597b016701a2869c04
-
SHA256
6f997cbcb6524add6f2b0354b710a367d7f7a60402aaeab53e960834ee044f26
-
SHA512
af66566cb2ad51a3d57b528a35481daf20d0ccaad672b01a20fa1ee8ffdd4b722101b0e2f340cf8d4801d3b2b309909b249f84c7a090c1fe2d81e38339809c4f
-
SSDEEP
12288:EY3F7cDylczfadxLU6OoNUuyQzX16cKHD8A55:EM7cDyliSPbN1ym16cEDv55
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-