General

Target: d449e6e983233884f78f3c42a9aab270d125912b0b376a18795d1e73075dddcd
Size: 1020KB
Sample: 221126-b8ne8sgb51
MD5: 6eb8c9e5bdefba159845ea5a03cd83fb
SHA1: add104b21b3064c7d2b465c0f02ac32d9880d43e
SHA256: d449e6e983233884f78f3c42a9aab270d125912b0b376a18795d1e73075dddcd
SHA512: 1fafc39f9724740b88db1efc2f5ef1f5951ad2b0b7b4dc2c784be179360dedd39debf7f89886fde0aace1f57fb0445e1b885fa250ea03a9975747e805e563952
SSDEEP: 24576:9VUkyvjjmr0Jc8+U9h8qkLl54LWyzaSfuRfDasGIy/EnyiZOQc:3UkMEVU9h2ZiPzaSmRrfWEnrZNc
Static task: static1
Behavioral task: behavioral1
Sample: d449e6e983233884f78f3c42a9aab270d125912b0b376a18795d1e73075dddcd.exe
Resource: win7-20220812-en
Malware Config

Extracted family: darkcomet
Botnet: Ganzneu
C2: windowshomesetup.no-ip.biz:8088
Mutex: DC_MUTEX-DL446XT
gencode: CzbzF2gzTSH5
install: false
offline_keylogger: true
persistence: false

Reading the flags: install=false and persistence=false mean this stub was built to run in place, without copying itself to an install path or registering a startup entry, so a Run-key or service artifact is not to be expected from this build; offline_keylogger=true means keystrokes are logged to disk even while the C2 is unreachable. The C2 host is a no-ip dynamic DNS name, so its IP is not a stable indicator; the domain, port and mutex name are.
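The config above is only useful once it becomes something a hunt can run. The following is an added example, not part of the sandbox report and not DarkComet code: it parses the extracted fields, derives the atomic indicators (C2 domain and port, mutex name, whether persistence artifacts are expected) and matches them against a constructed set of endpoint telemetry lines. The pipe-delimited `host|kind|value` event schema and the telemetry lines are assumptions for illustration; the config values are the ones shown in the report.

```python
"""Turn the extracted DarkComet config into IOCs and match them against
endpoint telemetry (added example; the event schema is assumed)."""
import re
from typing import Dict, List, Tuple

# Config fields copied from the report's Malware Config section.
REPORT_CONFIG = """
Botnet: Ganzneu
C2: windowshomesetup.no-ip.biz:8088
Mutex: DC_MUTEX-DL446XT
gencode: CzbzF2gzTSH5
install: false
offline_keylogger: true
persistence: false
"""

# Constructed telemetry: host|kind|value. Not from the report.
TELEMETRY = [
    "host1|dns|windowshomesetup.no-ip.biz",
    "host1|connect|203.0.113.7:8088",        # resolved IP: dynamic DNS, not matched by design
    "host1|mutex|DC_MUTEX-DL446XT",
    "host2|dns|update.example.com",
    "host2|mutex|Global\\DC_MUTEX-DL446XT",   # namespace prefix must not hide the name
    "host3|connect|windowshomesetup.no-ip.biz:8088",
]


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'key: value' lines into a dict with lower-cased keys."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg


def iocs_from_config(cfg: Dict[str, str]) -> Dict[str, object]:
    """Derive atomic indicators. The C2 field is 'host:port'; several
    entries separated by '|' are accepted (assumption about the format)."""
    c2: List[Tuple[str, int]] = []
    for entry in cfg.get("c2", "").split("|"):
        entry = entry.strip()
        if not entry:
            continue
        host, _, port = entry.rpartition(":")
        c2.append((host.lower(), int(port)))
    truthy = lambda k: cfg.get(k, "").lower() == "true"
    return {
        "c2": c2,
        "domains": sorted({h for h, _ in c2}),
        "mutex": cfg.get("mutex", ""),
        # install=false and persistence=false: no startup artifact expected
        "expect_persistence": truthy("install") or truthy("persistence"),
    }


def match_events(ioc: Dict[str, object], lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host, kind, value) for every telemetry line that hits an IOC."""
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        host, kind, value = line.split("|", 2)
        if kind == "dns" and value.lower() in ioc["domains"]:
            hits.append((host, kind, value))
        elif kind == "connect":
            h, _, p = value.rpartition(":")
            if (h.lower(), int(p)) in ioc["c2"]:
                hits.append((host, kind, value))
        elif kind == "mutex":
            # Strip the Global\ / Local\ object-namespace prefix before comparing.
            name = re.sub(r"^(Global|Local)\\", "", value)
            if name == ioc["mutex"]:
                hits.append((host, kind, value))
    return hits


if __name__ == "__main__":
    ioc = iocs_from_config(parse_config(REPORT_CONFIG))
    for hit in match_events(ioc, TELEMETRY):
        print(hit)
```

The IP-based connect on host1 is deliberately not matched: with a no-ip hostname the address can change between detonations, so the domain plus port is the durable indicator. Compare the sandbox's own resolved address against current DNS before using it as a block rule.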
Targets

Target: d449e6e983233884f78f3c42a9aab270d125912b0b376a18795d1e73075dddcd
Size: 1020KB
Signatures

Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence. Windows keeps the user's configured location under HKCU\Control Panel\International\Geo\Nation; a read of that value by a binary with no localisation purpose is the usual tell, and a sample that exits on a non-target country will show little else in a sandbox whose locale does not match.
Loads dropped DLL
Suspicious use of SetThreadContext: rewriting another thread's context is the step that redirects execution in process hollowing (create a child suspended, write the payload into it, SetThreadContext, ResumeThread). The call alone is not malicious; debuggers use it too. Together with the dropped EXE and DLL it is consistent with a loader unpacking the DarkComet payload into a fresh process, though the report does not name the hollowed process.
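The SetThreadContext signature is only meaningful in sequence, so a detection should key on the whole hollowing pattern rather than the single call. The following is an added example, not part of the report: it walks a constructed API trace in an assumed `pid|api|key=value,...` schema and flags a parent that created a child suspended, wrote into it, rewrote its thread context and then resumed it. A self-targeted SetThreadContext and a suspended child that is written but never has its context replaced are included so that neither fires.

```python
"""Flag the process-hollowing API sequence behind a 'Suspicious use of
SetThreadContext' signature (added example; trace schema is assumed)."""
from typing import Dict, List, Set, Tuple

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit, Win32 CreateProcess

# Constructed API trace: pid|api|key=value,... Not from the report.
TRACE = [
    "1000|CreateProcessW|child=2000,flags=0x4",
    "1000|WriteProcessMemory|target=2000,size=73216",
    "1000|SetThreadContext|target=2000",
    "1000|ResumeThread|target=2000",
    "3000|CreateProcessW|child=3001,flags=0x0",          # normal child, not suspended
    "3000|ResumeThread|target=3001",
    "4000|SetThreadContext|target=4000",                 # self-targeted, debugger-style
    "5000|CreateProcessW|child=5001,flags=0x4",          # suspended + write, but no context swap
    "5000|WriteProcessMemory|target=5001,size=4096",
    "5000|ResumeThread|target=5001",
]


def parse_line(line: str) -> Tuple[int, str, Dict[str, str]]:
    """Split one trace line into (pid, api, args)."""
    pid, api, rest = line.split("|", 2)
    args = dict(kv.split("=", 1) for kv in rest.split(",") if kv)
    return int(pid), api, args


def find_hollowing(trace: List[str]) -> List[Tuple[int, int]]:
    """Return (parent, child) pairs that completed the full sequence:
    suspended create, WriteProcessMemory, SetThreadContext, ResumeThread."""
    suspended: Dict[int, int] = {}   # child pid -> creating parent pid
    stage: Dict[int, Set[str]] = {}  # child pid -> APIs already seen
    hits: List[Tuple[int, int]] = []
    for line in trace:
        pid, api, args = parse_line(line)
        if api == "CreateProcessW" and int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
            child = int(args["child"])
            suspended[child] = pid
            stage[child] = set()
            continue
        target = int(args.get("target", -1))
        # Only the creating parent acting on its own suspended child counts.
        if suspended.get(target) != pid:
            continue
        if api in ("WriteProcessMemory", "SetThreadContext"):
            stage[target].add(api)
        elif api == "ResumeThread":
            if {"WriteProcessMemory", "SetThreadContext"} <= stage[target]:
                hits.append((pid, target))
            # Resumed either way: the child is no longer a hollowing candidate.
            del suspended[target]
            del stage[target]
    return hits


if __name__ == "__main__":
    print(find_hollowing(TRACE))
```

Keying on the creating parent avoids false positives from tooling that attaches to an already-running suspended process, and requiring both the write and the context rewrite before ResumeThread keeps ordinary suspended starts (installers, job-object launchers) out of the result.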