General
-
Target
8bc6821671b23e2332dbc053994a9730f8ba1223d3ada55c6862819a834dadf4
-
Size
991KB
-
Sample
221130-1114ssda8t
-
MD5
11e3b2761607342d846c806d3751449d
-
SHA1
bfe6ed2330a60bd526b5d8539ad2b42234eaf485
-
SHA256
8bc6821671b23e2332dbc053994a9730f8ba1223d3ada55c6862819a834dadf4
-
SHA512
3da48d314f4ef8ae143269316b675f45ab33bca167ea38f9b2842480e240598144e4c742320d73c9c0aed78b8de5667426c79cb08ce33b4122db3b743aab80b1
-
SSDEEP
24576:dysHFwrLe9O5VqIuJo9j9GzqlQ5VqIuJ:wslwLe97IuJo9j9BZIuJ
Malware Config
Extracted
darkcomet
Guest16
titus.no-ip.biz:1604
DC_MUTEX-ZHXEX9Y
-
gencode
2gyJ6nSw7VhP
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
8bc6821671b23e2332dbc053994a9730f8ba1223d3ada55c6862819a834dadf4
-
Size
991KB
-
MD5
11e3b2761607342d846c806d3751449d
-
SHA1
bfe6ed2330a60bd526b5d8539ad2b42234eaf485
-
SHA256
8bc6821671b23e2332dbc053994a9730f8ba1223d3ada55c6862819a834dadf4
-
SHA512
3da48d314f4ef8ae143269316b675f45ab33bca167ea38f9b2842480e240598144e4c742320d73c9c0aed78b8de5667426c79cb08ce33b4122db3b743aab80b1
-
SSDEEP
24576:dysHFwrLe9O5VqIuJo9j9GzqlQ5VqIuJ:wslwLe97IuJo9j9BZIuJ
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-