General
-
Target
d6dd2afabd3a2da675d616501c668af3ae6ed9951ff5507f5b283399b8c94199
-
Size
834KB
-
Sample
221123-xag2fsed35
-
MD5
b1c50a7fc4f9065eb4d146e99b3ba8c9
-
SHA1
e05cae1327a90d4758c55a82dace360a71ae878c
-
SHA256
d6dd2afabd3a2da675d616501c668af3ae6ed9951ff5507f5b283399b8c94199
-
SHA512
8f3a1647be8d5a962e555be12f9f03da897d8b67d404c4b15cde4565662d129384f8bb882cd384a7e2bced0e7b885520f040896216f7f10e95399da2f75c8178
-
SSDEEP
12288:p+yR54BjPCAmvE6R71Ti/AAyvQo4ypD6tfn+60XhD14H/ZEg3Mk5RHdYO6IWsl:p+dBirR7hP4oFx69+Dx54REXk5R9YUl
Malware Config
Extracted
darkcomet
Victims
mrchbk.noip.me:2123
DC_MUTEX-EZ6YFTY
-
gencode
4FUM8Qy2Ej7F
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
d6dd2afabd3a2da675d616501c668af3ae6ed9951ff5507f5b283399b8c94199
-
Size
834KB
-
MD5
b1c50a7fc4f9065eb4d146e99b3ba8c9
-
SHA1
e05cae1327a90d4758c55a82dace360a71ae878c
-
SHA256
d6dd2afabd3a2da675d616501c668af3ae6ed9951ff5507f5b283399b8c94199
-
SHA512
8f3a1647be8d5a962e555be12f9f03da897d8b67d404c4b15cde4565662d129384f8bb882cd384a7e2bced0e7b885520f040896216f7f10e95399da2f75c8178
-
SSDEEP
12288:p+yR54BjPCAmvE6R71Ti/AAyvQo4ypD6tfn+60XhD14H/ZEg3Mk5RHdYO6IWsl:p+dBirR7hP4oFx69+Dx54REXk5R9YUl
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-