General
-
Target
fd42ca44c810ec12475aa748620dd57a0aa8565ffb27bfc01201032b0561eceb
-
Size
803KB
-
Sample
221127-rvpddahf31
-
MD5
3a0639a82455512cc6b3e62de87f4731
-
SHA1
7f326297f899e97954953c779244bbbade00d6f4
-
SHA256
fd42ca44c810ec12475aa748620dd57a0aa8565ffb27bfc01201032b0561eceb
-
SHA512
47ec748a97461a263b4c677c620296616cac84fa51a0b0212102d4c7350bf9d339fdf7934fa46689fe52a6f0d731157536b6bb85ff3841c03c5b3b8798007779
-
SSDEEP
12288:d8pU57DxU2ku9aM96k+naM3BjuUfS0qAPEIMWDXhE9qGerhRatWu6:a25Jhkm9rnMgUK0qBIVVGeD9
Malware Config
Extracted
darkcomet
Zombie
jacksbotlist.zapto.org:1604
DC_MUTEX-GB0F9SN
-
gencode
oDRF7HD6Rs4F
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
fd42ca44c810ec12475aa748620dd57a0aa8565ffb27bfc01201032b0561eceb
-
Size
803KB
-
MD5
3a0639a82455512cc6b3e62de87f4731
-
SHA1
7f326297f899e97954953c779244bbbade00d6f4
-
SHA256
fd42ca44c810ec12475aa748620dd57a0aa8565ffb27bfc01201032b0561eceb
-
SHA512
47ec748a97461a263b4c677c620296616cac84fa51a0b0212102d4c7350bf9d339fdf7934fa46689fe52a6f0d731157536b6bb85ff3841c03c5b3b8798007779
-
SSDEEP
12288:d8pU57DxU2ku9aM96k+naM3BjuUfS0qAPEIMWDXhE9qGerhRatWu6:a25Jhkm9rnMgUK0qBIVVGeD9
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-