General
-
Target
9326e840342024f727e9a2b56efbdae6c798425972f0e58d01b5f564ab80de8c
-
Size
6.9MB
-
Sample
221125-legqpsga34
-
MD5
7db9e97bbd23d33100885f6b032cfb06
-
SHA1
f82264d9d8b2cd10f48ca53088c9c2a70f15ee68
-
SHA256
9326e840342024f727e9a2b56efbdae6c798425972f0e58d01b5f564ab80de8c
-
SHA512
f432463c05597e37dcd035efc8f9539af8e7d4f26363c402805f9ca77782784c924736f2f1b4f813967d886d040900d76ca225e39f4760b6059c209cc8b56e78
-
SSDEEP
196608:Nviq75/Tzuf0tNzwd1uQrASQUugKWEjNl:xiC/Vqd1bQ5WYf
Malware Config
Extracted
darkcomet
Guest15
skalede767.hopto.org:1604
DC_MUTEX-HF2YCAJ
-
InstallPath
test\test.exe
-
gencode
NzBN759r41eg
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
testt
Targets
-
-
Target
9326e840342024f727e9a2b56efbdae6c798425972f0e58d01b5f564ab80de8c
-
Size
6.9MB
-
MD5
7db9e97bbd23d33100885f6b032cfb06
-
SHA1
f82264d9d8b2cd10f48ca53088c9c2a70f15ee68
-
SHA256
9326e840342024f727e9a2b56efbdae6c798425972f0e58d01b5f564ab80de8c
-
SHA512
f432463c05597e37dcd035efc8f9539af8e7d4f26363c402805f9ca77782784c924736f2f1b4f813967d886d040900d76ca225e39f4760b6059c209cc8b56e78
-
SSDEEP
196608:Nviq75/Tzuf0tNzwd1uQrASQUugKWEjNl:xiC/Vqd1bQ5WYf
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-