General
-
Target
d7aeaecd0d03b0b598b82e4ba90bad47c75e70e71574a71c4fec85704242db16
-
Size
760KB
-
Sample
221130-1z6b5ahg96
-
MD5
2ad7fb32deb764e1bb9e04f483233458
-
SHA1
03df1f8af6929713d04b78c347b665957b13f2de
-
SHA256
d7aeaecd0d03b0b598b82e4ba90bad47c75e70e71574a71c4fec85704242db16
-
SHA512
72a12a285e04566a4b9126ab7109f293e86bd9daa34730966e12fc71abad0f4f0338058e07ab8d196fa2a02332d5e17b3426509d078c51050e32dcf8dfa51e12
-
SSDEEP
12288:D3OpvNW4a76S/Ddon/m09bbYlIaaMcE2YGhq3vo1RnfAvIESJgoE26yc/RJGC:7OA4aWNn/m09fKIaaBEtWq3A1Ov8JgbH
Malware Config
Extracted
darkcomet
HF
coolkidenters.no-ip.biz:1604
DC_MUTEX-60P1NR6
-
gencode
lZoCKCkLqPtw
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
d7aeaecd0d03b0b598b82e4ba90bad47c75e70e71574a71c4fec85704242db16
-
Size
760KB
-
MD5
2ad7fb32deb764e1bb9e04f483233458
-
SHA1
03df1f8af6929713d04b78c347b665957b13f2de
-
SHA256
d7aeaecd0d03b0b598b82e4ba90bad47c75e70e71574a71c4fec85704242db16
-
SHA512
72a12a285e04566a4b9126ab7109f293e86bd9daa34730966e12fc71abad0f4f0338058e07ab8d196fa2a02332d5e17b3426509d078c51050e32dcf8dfa51e12
-
SSDEEP
12288:D3OpvNW4a76S/Ddon/m09bbYlIaaMcE2YGhq3vo1RnfAvIESJgoE26yc/RJGC:7OA4aWNn/m09fKIaaBEtWq3A1Ov8JgbH
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-