General
-
Target
045595a4493dc26842880460683d89cf44b87c4bcaa1d77ad671784aec5bd97f
-
Size
632KB
-
Sample
221130-11214ahh66
-
MD5
745ec1ff9dbb12e8a8f64e7d0404e329
-
SHA1
9b0c22b8cef19baf9217efdae81998c848165bd4
-
SHA256
045595a4493dc26842880460683d89cf44b87c4bcaa1d77ad671784aec5bd97f
-
SHA512
927f624f4088cdc0d26978a38fc70934bd7e00b22239d4677f98540a12ac34d3d827cdddcd05e77221788ed0050d0dd0ecbe3508497c5af35f56ed14f73125f0
-
SSDEEP
12288:4Shz5IBcIcxbzPSQoj8sAxu3ArRnyO6vj+4SwD4:Fz5i4x2j8hxLr09jru
Malware Config
Extracted
darkcomet
settings5
soxprox1979.zapto.org:1604
DCMIN_MUTEX-79J7P3V
-
gencode
855v2ncQdoa5
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
045595a4493dc26842880460683d89cf44b87c4bcaa1d77ad671784aec5bd97f
-
Size
632KB
-
MD5
745ec1ff9dbb12e8a8f64e7d0404e329
-
SHA1
9b0c22b8cef19baf9217efdae81998c848165bd4
-
SHA256
045595a4493dc26842880460683d89cf44b87c4bcaa1d77ad671784aec5bd97f
-
SHA512
927f624f4088cdc0d26978a38fc70934bd7e00b22239d4677f98540a12ac34d3d827cdddcd05e77221788ed0050d0dd0ecbe3508497c5af35f56ed14f73125f0
-
SSDEEP
12288:4Shz5IBcIcxbzPSQoj8sAxu3ArRnyO6vj+4SwD4:Fz5i4x2j8hxLr09jru
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-