General
Target: 6f43888ef7368d6e1228af67754616cfb469b39256bda67618401f3b7dc7d50a
Size: 841KB
Sample: 221123-sy76bsff81
MD5: 82690a44bde92c0c17564e74658c0524
SHA1: 7ec5fce16bc61554da8391667192da0055cf2da4
SHA256: 6f43888ef7368d6e1228af67754616cfb469b39256bda67618401f3b7dc7d50a
SHA512: 2218d251752a98e5772d343f27d56afcba6d00c63e8ed6eb8e64a40e5bbdac4d90c9af494511477a65d3ff6688fd1bc5e43267a091fd358147f6bf3d2572f1c5
SSDEEP: 12288:2sXbaMDaRr5rLe6YtDIMT4Jg7xddVD1zlRWigtENylHVNGdFVCRYFho:32vwDIMT4yFd/v1E7o
Static task: static1
Behavioral task: behavioral1
  Sample: 6f43888ef7368d6e1228af67754616cfb469b39256bda67618401f3b7dc7d50a.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 6f43888ef7368d6e1228af67754616cfb469b39256bda67618401f3b7dc7d50a.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: darkcomet
  Guest16_min
  markgraham.noip.me:2124
  DCMIN_MUTEX-FUSP59W
  gencode: Le3UD9gfvz8p
  install: false
  offline_keylogger: true
  persistence: false
Targets
Target: 6f43888ef7368d6e1228af67754616cfb469b39256bda67618401f3b7dc7d50a
Size: 841KB
MD5: 82690a44bde92c0c17564e74658c0524
SHA1: 7ec5fce16bc61554da8391667192da0055cf2da4
SHA256: 6f43888ef7368d6e1228af67754616cfb469b39256bda67618401f3b7dc7d50a
SHA512: 2218d251752a98e5772d343f27d56afcba6d00c63e8ed6eb8e64a40e5bbdac4d90c9af494511477a65d3ff6688fd1bc5e43267a091fd358147f6bf3d2572f1c5
SSDEEP: 12288:2sXbaMDaRr5rLe6YtDIMT4Jg7xddVD1zlRWigtENylHVNGdFVCRYFho:32vwDIMT4yFd/v1E7o
Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext