General
-
Target
03f0bbbb074387a842453bceb36d21bca6e7384aedb06deea6db80c6498af46a
-
Size
1.1MB
-
Sample
221128-kqvw2aah26
-
MD5
371789a82288a5f651a17646058dfe1c
-
SHA1
5688490e64040f3ad65ade86e737c7dd1d4173d4
-
SHA256
03f0bbbb074387a842453bceb36d21bca6e7384aedb06deea6db80c6498af46a
-
SHA512
f892afa873263ad8c927841f9f05bb623598b9be792f862db300a3e47bf5e293a68adce915df2e968a23a057340c84f75eee890d30667869a0438ef10c959eef
-
SSDEEP
24576:4zr9e8sPOtUxLclBE+tXpMLT1GadGm6odzdQ5uRhuVvq7gw:4FTsPjcNTaIm6cXuVy
Malware Config
Extracted
darkcomet
Guest16
skto.no-ip.org:47909
DC_MUTEX-JDDR2RQ
-
gencode
53lB9WCFikcy
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
03f0bbbb074387a842453bceb36d21bca6e7384aedb06deea6db80c6498af46a
-
Size
1.1MB
-
MD5
371789a82288a5f651a17646058dfe1c
-
SHA1
5688490e64040f3ad65ade86e737c7dd1d4173d4
-
SHA256
03f0bbbb074387a842453bceb36d21bca6e7384aedb06deea6db80c6498af46a
-
SHA512
f892afa873263ad8c927841f9f05bb623598b9be792f862db300a3e47bf5e293a68adce915df2e968a23a057340c84f75eee890d30667869a0438ef10c959eef
-
SSDEEP
24576:4zr9e8sPOtUxLclBE+tXpMLT1GadGm6odzdQ5uRhuVvq7gw:4FTsPjcNTaIm6cXuVy
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-