General
-
Target
da98b445903f3b4dd5469eb21838f717531b821fc5bffa261e7bc4cd77fc597e
-
Size
1.5MB
-
Sample
221128-sqx1dsha6t
-
MD5
13b0bb371405d766c7b698455ad22ebf
-
SHA1
093470a21b95c0d34769699418d2a83e437d98cd
-
SHA256
da98b445903f3b4dd5469eb21838f717531b821fc5bffa261e7bc4cd77fc597e
-
SHA512
595227feeac866e02821f2701f6473ccce8e186d8b7c0aeeede3566418bca2304e946685b10f831aefdf89f33535dba9ba90c62aec13f5ce81cbccb3b7812d26
-
SSDEEP
24576:Btb20pkaCqT5TBWgNQ7agUNNJr7CuqLPeZukQIrsY8bKqHOx2qo6A:SVg5tQ7agGNh+uqzeVQVJbKqW45
Malware Config
Extracted
darkcomet
Vic
trojanjava.gotdns.ch:1601
DC_MUTEX-RGY6L3P
-
gencode
pVdHH1vr2daX
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
da98b445903f3b4dd5469eb21838f717531b821fc5bffa261e7bc4cd77fc597e
-
Size
1.5MB
-
MD5
13b0bb371405d766c7b698455ad22ebf
-
SHA1
093470a21b95c0d34769699418d2a83e437d98cd
-
SHA256
da98b445903f3b4dd5469eb21838f717531b821fc5bffa261e7bc4cd77fc597e
-
SHA512
595227feeac866e02821f2701f6473ccce8e186d8b7c0aeeede3566418bca2304e946685b10f831aefdf89f33535dba9ba90c62aec13f5ce81cbccb3b7812d26
-
SSDEEP
24576:Btb20pkaCqT5TBWgNQ7agUNNJr7CuqLPeZukQIrsY8bKqHOx2qo6A:SVg5tQ7agGNh+uqzeVQVJbKqW45
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-