General
-
Target
a0da370191530a62665badabb1a9bdb59aff3b5027d7ce747e67e4abed6bcc9b
-
Size
665KB
-
Sample
221127-mn6lvsaf98
-
MD5
0c3b19288ee794619eea2df998b917a3
-
SHA1
5c50a150245c0a89bb7e987ecc3736e3f006fd44
-
SHA256
a0da370191530a62665badabb1a9bdb59aff3b5027d7ce747e67e4abed6bcc9b
-
SHA512
95096b5a9cb6d9fd13d9199a83bb2f0bff48b2ef377d2939f68910dd691c777fe6c13d8b9c42631ac5be18962fcdc721a084938e9280e4f9c85c058c734d7b89
-
SSDEEP
12288:2L2bNjLrIAh8EYP8dRUWnlG5FtEGo5MAAG5bV62QyVr41tXFFRTLTuYgWhQTCeG4:4etL0Ah8EYPvWnw3EGo5rAqRQy+D1FRE
Malware Config
Extracted
darkcomet
Guest17
trojanjava.gotdns.ch:1601
DC_MUTEX-G5R3YW8
-
gencode
s8Bntwm0Tczo
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
a0da370191530a62665badabb1a9bdb59aff3b5027d7ce747e67e4abed6bcc9b
-
Size
665KB
-
MD5
0c3b19288ee794619eea2df998b917a3
-
SHA1
5c50a150245c0a89bb7e987ecc3736e3f006fd44
-
SHA256
a0da370191530a62665badabb1a9bdb59aff3b5027d7ce747e67e4abed6bcc9b
-
SHA512
95096b5a9cb6d9fd13d9199a83bb2f0bff48b2ef377d2939f68910dd691c777fe6c13d8b9c42631ac5be18962fcdc721a084938e9280e4f9c85c058c734d7b89
-
SSDEEP
12288:2L2bNjLrIAh8EYP8dRUWnlG5FtEGo5MAAG5bV62QyVr41tXFFRTLTuYgWhQTCeG4:4etL0Ah8EYPvWnw3EGo5rAqRQy+D1FRE
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-