General
-
Target
de3bb4242c91de7356b088b6986aba04e3fef7a678da279e1688e13f74ccc781
-
Size
742KB
-
Sample
221124-wsz5baec5z
-
MD5
62bc51bab1e9d1c1e3814941aa1314aa
-
SHA1
92a9d44ca0603f5e88ce61deb3bc1c45f77082b5
-
SHA256
de3bb4242c91de7356b088b6986aba04e3fef7a678da279e1688e13f74ccc781
-
SHA512
b901017948516db6a4ff0902fa79bfd314089238281b20a8cb103d76679b1ac02e37e192e17044edbc408e49855ae1bc448be177487d47b7cabcde799404a218
-
SSDEEP
12288:vn+gAN9VDTJ3kuHsldLbumM8oItMZzgRce67pxJ1s1hGi1EK4CbBwPHQtLx:PYxV3ILA8ohZzgKbpxJ12kWMCb1
Malware Config
Extracted
darkcomet
SPECIALty
tolaresfgc.ddns.net:6900
DC_MUTEX-YE2HHZB
-
gencode
VLcXYdECg7L7
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
de3bb4242c91de7356b088b6986aba04e3fef7a678da279e1688e13f74ccc781
-
Size
742KB
-
MD5
62bc51bab1e9d1c1e3814941aa1314aa
-
SHA1
92a9d44ca0603f5e88ce61deb3bc1c45f77082b5
-
SHA256
de3bb4242c91de7356b088b6986aba04e3fef7a678da279e1688e13f74ccc781
-
SHA512
b901017948516db6a4ff0902fa79bfd314089238281b20a8cb103d76679b1ac02e37e192e17044edbc408e49855ae1bc448be177487d47b7cabcde799404a218
-
SSDEEP
12288:vn+gAN9VDTJ3kuHsldLbumM8oItMZzgRce67pxJ1s1hGi1EK4CbBwPHQtLx:PYxV3ILA8ohZzgKbpxJ12kWMCb1
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-