General
-
Target
28ec18db24adc245e4eb3b4f42d06d9a2fcd3c505f392c1ba4dc580beba8e778
-
Size
1.0MB
-
Sample
221125-d5gjmahc99
-
MD5
e23c9ce8a7f6dcf467dbe2be63c99a38
-
SHA1
541432289a6fac3eaf5bbdb4143d57c17cc8058a
-
SHA256
28ec18db24adc245e4eb3b4f42d06d9a2fcd3c505f392c1ba4dc580beba8e778
-
SHA512
b2d991f14c1e3afae762d7dd02369bd6753d20c7f6e9fde75b75f69f9d26a92305c286073bd0c64722aea50e86c604b6c7706e5bff79ba4c1a5a8e354b8a8d54
-
SSDEEP
24576:0Izk8Sm3KcAtA6uuhLKJHuWBon7ZPz8xIdtIi:NkpmAtA6uuhLGHufd8xIdtIi
Malware Config
Extracted
darkcomet
ALI
lazzycapt11.no-ip.org:1604
DCMIN_MUTEX-G4BJZF0
-
gencode
DsLU1u8JSoHo
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
28ec18db24adc245e4eb3b4f42d06d9a2fcd3c505f392c1ba4dc580beba8e778
-
Size
1.0MB
-
MD5
e23c9ce8a7f6dcf467dbe2be63c99a38
-
SHA1
541432289a6fac3eaf5bbdb4143d57c17cc8058a
-
SHA256
28ec18db24adc245e4eb3b4f42d06d9a2fcd3c505f392c1ba4dc580beba8e778
-
SHA512
b2d991f14c1e3afae762d7dd02369bd6753d20c7f6e9fde75b75f69f9d26a92305c286073bd0c64722aea50e86c604b6c7706e5bff79ba4c1a5a8e354b8a8d54
-
SSDEEP
24576:0Izk8Sm3KcAtA6uuhLKJHuWBon7ZPz8xIdtIi:NkpmAtA6uuhLGHufd8xIdtIi
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-