General
-
Target
ba43a29dd746a0a8b20976fc66d73163ae23c82d17efb3e7c550c5251f68fc84
-
Size
927KB
-
Sample
221124-yxb96aaf81
-
MD5
bf410346a3eaa6a1c08356c9b3a4400b
-
SHA1
cc24e74f2f143b834235f620cd9e166bbc5dcdf2
-
SHA256
ba43a29dd746a0a8b20976fc66d73163ae23c82d17efb3e7c550c5251f68fc84
-
SHA512
d1f7199d8be208f017a85a281d7c34bcbae58071b3201bc395338db6333664098cfc4a907157e13bc49ecfad997506fb62eb79567626015852d9a2a2db60f5b4
-
SSDEEP
12288:neHNymXfoZu8c4H6mGragHScsjZ+Sub4BylMomOtTfqiyt2i:WfoZ+4awJD0GVa
Malware Config
Extracted
darkcomet
Bot
siegewow.no-ip.info:81
DC_MUTEX-1T85167
-
gencode
d38W2hTdwXgw
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
ba43a29dd746a0a8b20976fc66d73163ae23c82d17efb3e7c550c5251f68fc84
-
Size
927KB
-
MD5
bf410346a3eaa6a1c08356c9b3a4400b
-
SHA1
cc24e74f2f143b834235f620cd9e166bbc5dcdf2
-
SHA256
ba43a29dd746a0a8b20976fc66d73163ae23c82d17efb3e7c550c5251f68fc84
-
SHA512
d1f7199d8be208f017a85a281d7c34bcbae58071b3201bc395338db6333664098cfc4a907157e13bc49ecfad997506fb62eb79567626015852d9a2a2db60f5b4
-
SSDEEP
12288:neHNymXfoZu8c4H6mGragHScsjZ+Sub4BylMomOtTfqiyt2i:WfoZ+4awJD0GVa
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-