General
-
Target
8b555ed9942d3bd85ebe92054e2eeb62da2c2ae42e6bf4bff10b493ed3368664
-
Size
833KB
-
Sample
221123-xahmzshd3s
-
MD5
8e8a606820a6f66e7963b330764cf559
-
SHA1
96a5a61510042f2f1cf1ce0ed659fc0cf8d70e48
-
SHA256
8b555ed9942d3bd85ebe92054e2eeb62da2c2ae42e6bf4bff10b493ed3368664
-
SHA512
1a56aa7923b4ba706c179d1066739a36662c6896e24a33e0dd897b03b2ac11d75df8e0cbf27a02522f45e44e3c84977679df0194e5a0ad6146719b66a5211aac
-
SSDEEP
12288:bEJC79h+G6Mr8i+Y1Xx6qDNQXkdQRlYtyIAo5evUoRNuhjEQyMmFaLB0Ckg9WsF:bXhDR82nokdQjYZAoIcoRNWdAaLnkmF
Malware Config
Extracted
darkcomet
Guest16_min
markgraham.noip.me:2124
DCMIN_MUTEX-FUSP59W
-
gencode
Le3UD9gfvz8p
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
8b555ed9942d3bd85ebe92054e2eeb62da2c2ae42e6bf4bff10b493ed3368664
-
Size
833KB
-
MD5
8e8a606820a6f66e7963b330764cf559
-
SHA1
96a5a61510042f2f1cf1ce0ed659fc0cf8d70e48
-
SHA256
8b555ed9942d3bd85ebe92054e2eeb62da2c2ae42e6bf4bff10b493ed3368664
-
SHA512
1a56aa7923b4ba706c179d1066739a36662c6896e24a33e0dd897b03b2ac11d75df8e0cbf27a02522f45e44e3c84977679df0194e5a0ad6146719b66a5211aac
-
SSDEEP
12288:bEJC79h+G6Mr8i+Y1Xx6qDNQXkdQRlYtyIAo5evUoRNuhjEQyMmFaLB0Ckg9WsF:bXhDR82nokdQjYZAoIcoRNWdAaLnkmF
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-