General
-
Target
c9d13f8443f6eb98d12689b1c30988ffef51a62addb33aeef025918e7a69624e
-
Size
976KB
-
Sample
221130-1c14wsbb3z
-
MD5
6b9b69e761a41dadcc0adf3b63a43a3c
-
SHA1
3835417599394198e15c474174dbc2a4b82c5aac
-
SHA256
c9d13f8443f6eb98d12689b1c30988ffef51a62addb33aeef025918e7a69624e
-
SHA512
4bb478839a526c81659e210b77d0ea51356f8f3db25f051a9013856a64a50392ffcc5c1fa988cd6968038ef1daed7eba37382f48e7c63a413506f16e068d6e1d
-
SSDEEP
12288:v/5FWIEv6ZsSNobjXETyTcNgw7E+vGK/wiBnqAFTIMafJzq0QOvRn5a/3ikz16s7:H5FWv6NNobjET/rgfAws6Mabng5lunJc
Malware Config
Extracted
darkcomet
victima
127.0.0.1:81
DC_MUTEX-D5BBZXB
-
gencode
zbG3XCPRHaix
-
install
false
-
offline_keylogger
false
-
persistence
false
Targets
-
-
Target
c9d13f8443f6eb98d12689b1c30988ffef51a62addb33aeef025918e7a69624e
-
Size
976KB
-
MD5
6b9b69e761a41dadcc0adf3b63a43a3c
-
SHA1
3835417599394198e15c474174dbc2a4b82c5aac
-
SHA256
c9d13f8443f6eb98d12689b1c30988ffef51a62addb33aeef025918e7a69624e
-
SHA512
4bb478839a526c81659e210b77d0ea51356f8f3db25f051a9013856a64a50392ffcc5c1fa988cd6968038ef1daed7eba37382f48e7c63a413506f16e068d6e1d
-
SSDEEP
12288:v/5FWIEv6ZsSNobjXETyTcNgw7E+vGK/wiBnqAFTIMafJzq0QOvRn5a/3ikz16s7:H5FWv6NNobjET/rgfAws6Mabng5lunJc
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-