General
-
Target
cdf1fc89d06955c1c4974ed8c229c4eecf8bba4ffdbe99be47cdea71378a16d0
-
Size
485KB
-
Sample
221127-w7bp9sde6x
-
MD5
a026aec96f86b5aa9a5865d1077dae0e
-
SHA1
cf2e36d388a7f845387a97f3f0c77c77b1c55988
-
SHA256
cdf1fc89d06955c1c4974ed8c229c4eecf8bba4ffdbe99be47cdea71378a16d0
-
SHA512
c77974434c2f065bcfe6e5bf32e097a0c2d35d05cc0f20e75a421ff9c0a76034f4a72a33ed295c147800f6b937c7f9b4b25dd2ef6d28472b234a0a1ba18a06d0
-
SSDEEP
12288:xNMAK4dRRmq28Q3v1GxBMsE6dQs4Hc61JX2Upy+:xNn3c/UMsE/cAmS
Malware Config
Extracted
darkcomet
Bot
takeit23.chickenkiller.com:6993
DC_MUTEX-HEN14M3
-
gencode
9M36A1ngLJGa
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
cdf1fc89d06955c1c4974ed8c229c4eecf8bba4ffdbe99be47cdea71378a16d0
-
Size
485KB
-
MD5
a026aec96f86b5aa9a5865d1077dae0e
-
SHA1
cf2e36d388a7f845387a97f3f0c77c77b1c55988
-
SHA256
cdf1fc89d06955c1c4974ed8c229c4eecf8bba4ffdbe99be47cdea71378a16d0
-
SHA512
c77974434c2f065bcfe6e5bf32e097a0c2d35d05cc0f20e75a421ff9c0a76034f4a72a33ed295c147800f6b937c7f9b4b25dd2ef6d28472b234a0a1ba18a06d0
-
SSDEEP
12288:xNMAK4dRRmq28Q3v1GxBMsE6dQs4Hc61JX2Upy+:xNn3c/UMsE/cAmS
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-