General
-
Target
e23631c3ebc6ed8f16449ad86a485f769cd8b4da96c857c9e59121f9ac4c4c01
-
Size
1.4MB
-
Sample
221128-a7lpksgb5w
-
MD5
6c6c16697a1a4163f878854d813e2481
-
SHA1
3cfaf6af2b24dcc8f960163e31d9e4b8299774d6
-
SHA256
e23631c3ebc6ed8f16449ad86a485f769cd8b4da96c857c9e59121f9ac4c4c01
-
SHA512
42780b13a478a4b6d62495923fcfcbcab12390b2e3f263c3a2b7382695592f1c807c61d886686a25fb30ea2ab3721ca2dbb988fa71bbdcde4df6b15f57afe69a
-
SSDEEP
24576:eRmJkcoQricOIQxiZY1iaYU9U2A5kbcUFBO4g262ylRoYo9E:LJZoQrbTFZY1iaR9U26GcUk262h8
Malware Config
Extracted
darkcomet
Guest
dutchrape.ddns.net:25489
DC_MUTEX-4BJ94T2
-
gencode
1hayM07mrFRJ
-
install
false
-
offline_keylogger
true
-
password
password9356
-
persistence
false
Targets
-
-
Target
e23631c3ebc6ed8f16449ad86a485f769cd8b4da96c857c9e59121f9ac4c4c01
-
Size
1.4MB
-
MD5
6c6c16697a1a4163f878854d813e2481
-
SHA1
3cfaf6af2b24dcc8f960163e31d9e4b8299774d6
-
SHA256
e23631c3ebc6ed8f16449ad86a485f769cd8b4da96c857c9e59121f9ac4c4c01
-
SHA512
42780b13a478a4b6d62495923fcfcbcab12390b2e3f263c3a2b7382695592f1c807c61d886686a25fb30ea2ab3721ca2dbb988fa71bbdcde4df6b15f57afe69a
-
SSDEEP
24576:eRmJkcoQricOIQxiZY1iaYU9U2A5kbcUFBO4g262ylRoYo9E:LJZoQrbTFZY1iaR9U26GcUk262h8
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-