General
- Target: aa3a1953002d68e2a47184a4330b91550386826949b7aba5b0472b16d7fdba68
- Size: 688KB
- Sample: 221124-ehw68sah3w
- MD5: c373556332f48435c9ee85d7f7b59fa5
- SHA1: 894e1ca1487ae6f5b56ca07aae1368f142157335
- SHA256: aa3a1953002d68e2a47184a4330b91550386826949b7aba5b0472b16d7fdba68
- SHA512: 9ef0fa7179fc5fcff49d80a152b53d13bbe2c6d3b87f88056ddb5ea3fbec4c0c7c2520e14468fd2116967030258f24119e86b7cc53292b2feb00ce284576ab48
- SSDEEP: 12288:eCp61Z0OYunIBU+KMSZWQmzHZEV81N68wUUl9G9TsjNk4AhveYp1:eCg1BIBU+6ZWQmzWlgSW4Ah7
Static task: static1
Behavioral task: behavioral1
Sample: aa3a1953002d68e2a47184a4330b91550386826949b7aba5b0472b16d7fdba68.exe
Resource: win7-20220812-en
Malware Config
Extracted
darkcomet
DC 5.1
netspych.no-ip.biz:1604
DC_MUTEX-X8NHXUZ
- gencode: 1tkzfnt8C2wn
- install: false
- offline_keylogger: true
- password: nsc2012
- persistence: false
Targets
- Target: aa3a1953002d68e2a47184a4330b91550386826949b7aba5b0472b16d7fdba68
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext