General
-
Target
af6ae8c114893ee5ed1b4539a25521fb6fec395172ce205a142aaac2b4194b3b
-
Size
1.7MB
-
Sample
221127-w6yhmsde3x
-
MD5
a9789f4dc8bbdcd6c22ed1b148c3fcb8
-
SHA1
999177196e360026fca25aec24007cff6d0aff54
-
SHA256
af6ae8c114893ee5ed1b4539a25521fb6fec395172ce205a142aaac2b4194b3b
-
SHA512
e446586b710a585f25d080bb1dccbfcd641f6a37382aa9c5c3cd944b5fbc1304b2e656e6b41c07324e3260c6fb172462053c9ba6ca8b56eac9776bd7312f4c9a
-
SSDEEP
49152:qHss5bjTFCMTZdn9w4i6keljuS3ahiL2PF:IsqfF7Vkedo8LyF
Malware Config
Extracted
darkcomet
Shop
dcinkry.no-ip.org:1604
DC_MUTEX-XV3QUDJ
-
gencode
EjewCXU0HnVa
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
af6ae8c114893ee5ed1b4539a25521fb6fec395172ce205a142aaac2b4194b3b
-
Size
1.7MB
-
MD5
a9789f4dc8bbdcd6c22ed1b148c3fcb8
-
SHA1
999177196e360026fca25aec24007cff6d0aff54
-
SHA256
af6ae8c114893ee5ed1b4539a25521fb6fec395172ce205a142aaac2b4194b3b
-
SHA512
e446586b710a585f25d080bb1dccbfcd641f6a37382aa9c5c3cd944b5fbc1304b2e656e6b41c07324e3260c6fb172462053c9ba6ca8b56eac9776bd7312f4c9a
-
SSDEEP
49152:qHss5bjTFCMTZdn9w4i6keljuS3ahiL2PF:IsqfF7Vkedo8LyF
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-