General
-
Target
8e45b8a93f248d1aef82d5487f17093e3e319bcfe47dcef8ec15e85e5719dbcd
-
Size
850KB
-
Sample
221128-pyjwysde75
-
MD5
6556aabfd6a3707d1ddff120f977aa8c
-
SHA1
dda2c9deb3c036466ee55cddd2ef60a6016acece
-
SHA256
8e45b8a93f248d1aef82d5487f17093e3e319bcfe47dcef8ec15e85e5719dbcd
-
SHA512
1bc4345a33041a4a7c6136378cb4d4cfe2eb788e880f8a48de278e1c60407bf29d8a93d2fd1576de38c07cc8ea73cfa4bf856afad60e9f1e432fcf08e70c1320
-
SSDEEP
12288:DAHodVfcRkTIE21Qi8gHGgZFcQT3P+XqOeo1UgpKL:DUodNcReZ2pHlxT3W7eo6yKL
Malware Config
Extracted
darkcomet
01/04/2015
takavorine.no-ip.org:1604
takavore.no-ip.org:1604
DC_MUTEX-KB3ARJQ
-
gencode
hXyDyhpL68Fr
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
8e45b8a93f248d1aef82d5487f17093e3e319bcfe47dcef8ec15e85e5719dbcd
-
Size
850KB
-
MD5
6556aabfd6a3707d1ddff120f977aa8c
-
SHA1
dda2c9deb3c036466ee55cddd2ef60a6016acece
-
SHA256
8e45b8a93f248d1aef82d5487f17093e3e319bcfe47dcef8ec15e85e5719dbcd
-
SHA512
1bc4345a33041a4a7c6136378cb4d4cfe2eb788e880f8a48de278e1c60407bf29d8a93d2fd1576de38c07cc8ea73cfa4bf856afad60e9f1e432fcf08e70c1320
-
SSDEEP
12288:DAHodVfcRkTIE21Qi8gHGgZFcQT3P+XqOeo1UgpKL:DUodNcReZ2pHlxT3W7eo6yKL
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-