General
-
Target
f16146b2813264d6839db18045588636224d0c54680e22a2d3922a66c2707b0e
-
Size
1.5MB
-
Sample
221126-2lp9esea71
-
MD5
28ab0f56fe107f1ccd4454b5aaee9f44
-
SHA1
bf97582c24e7617d370ba436e7a7f5f49bedf9e4
-
SHA256
f16146b2813264d6839db18045588636224d0c54680e22a2d3922a66c2707b0e
-
SHA512
7fa9d93e12c98fa741ac4545cc92054745e7445df2262a58ec8765fccc9d0ebb359023022f67a9c66e4a3c46b5978f25795e00e4103aa2960a91e18e2579343f
-
SSDEEP
24576:rbCj2sObHtqQ4Qr99spUp0spxp6yzNl4q3mvNQM3YKp:rbCjPKNqQApUprpxp6yzNRa
Malware Config
Extracted
darkcomet
Bot
thankforthisfdp.crabdance.com:1604
DCMIN_MUTEX-MELURR9
-
gencode
yRLcrSwVsvEJ
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
f16146b2813264d6839db18045588636224d0c54680e22a2d3922a66c2707b0e
-
Size
1.5MB
-
MD5
28ab0f56fe107f1ccd4454b5aaee9f44
-
SHA1
bf97582c24e7617d370ba436e7a7f5f49bedf9e4
-
SHA256
f16146b2813264d6839db18045588636224d0c54680e22a2d3922a66c2707b0e
-
SHA512
7fa9d93e12c98fa741ac4545cc92054745e7445df2262a58ec8765fccc9d0ebb359023022f67a9c66e4a3c46b5978f25795e00e4103aa2960a91e18e2579343f
-
SSDEEP
24576:rbCj2sObHtqQ4Qr99spUp0spxp6yzNl4q3mvNQM3YKp:rbCjPKNqQApUprpxp6yzNRa
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-