General
-
Target
00075848e557109dd6a6d985c245ab9b2062ad8316b1f0032816f830459b5674
-
Size
776KB
-
Sample
221123-xak34shd3w
-
MD5
723d25277abd30f89506642ba66a78db
-
SHA1
85b6cf4dcba3dbd334e06de9f997e2c4595102ae
-
SHA256
00075848e557109dd6a6d985c245ab9b2062ad8316b1f0032816f830459b5674
-
SHA512
46d3d02ef4a2a755540192563ae10c2197b24e3f393553f15111475456dbded447e9c477d0721029a1670537cea698a8fdd014d82d339ea56d4bead5adc2dd40
-
SSDEEP
12288:imnzdCMZFKYY4eV1CzyNN4wmEjG5B3KjRBCNxjoqhkFteL7EE6Ep8:ZZFO4i0uZmhv1kF27j628
Malware Config
Extracted
darkcomet
Guest16_min
funsec.chickenkiller.com:2185
DCMIN_MUTEX-GEHXMWL
-
gencode
yxjT7X3ymELf
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
00075848e557109dd6a6d985c245ab9b2062ad8316b1f0032816f830459b5674
-
Size
776KB
-
MD5
723d25277abd30f89506642ba66a78db
-
SHA1
85b6cf4dcba3dbd334e06de9f997e2c4595102ae
-
SHA256
00075848e557109dd6a6d985c245ab9b2062ad8316b1f0032816f830459b5674
-
SHA512
46d3d02ef4a2a755540192563ae10c2197b24e3f393553f15111475456dbded447e9c477d0721029a1670537cea698a8fdd014d82d339ea56d4bead5adc2dd40
-
SSDEEP
12288:imnzdCMZFKYY4eV1CzyNN4wmEjG5B3KjRBCNxjoqhkFteL7EE6Ep8:ZZFO4i0uZmhv1kF27j628
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-