General
-
Target
ab19de83a8d3165a89937ae234f34013569220bb332d94c8794b66d32d72fe10
-
Size
577KB
-
Sample
221130-3kstlaeg59
-
MD5
d0bc05d64ca1ec793dca8f53a781fbba
-
SHA1
e788abd4109a08a48be57be55c85289962bd48ee
-
SHA256
ab19de83a8d3165a89937ae234f34013569220bb332d94c8794b66d32d72fe10
-
SHA512
a9cea16d71ab13ecb24f2679a46357747a9b7620a3ba4919542cb3214ccc623ec30f8a2e6bda6b081c1302a24aab5af635e9db7d12b6ec678244cda1475f09ab
-
SSDEEP
12288:ArtKaHpzB2SEWeYnGT4y/WLU4oydN6IWZ+QU/+DeM6VQQSdRJBSW:I9KW3oeLiXKLqH
Malware Config
Extracted
darkcomet
Guest16
darkrider.no-ip.biz:1603
DC_MUTEX-L73Q5LX
-
gencode
54lBq3c5kc3A
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
ab19de83a8d3165a89937ae234f34013569220bb332d94c8794b66d32d72fe10
-
Size
577KB
-
MD5
d0bc05d64ca1ec793dca8f53a781fbba
-
SHA1
e788abd4109a08a48be57be55c85289962bd48ee
-
SHA256
ab19de83a8d3165a89937ae234f34013569220bb332d94c8794b66d32d72fe10
-
SHA512
a9cea16d71ab13ecb24f2679a46357747a9b7620a3ba4919542cb3214ccc623ec30f8a2e6bda6b081c1302a24aab5af635e9db7d12b6ec678244cda1475f09ab
-
SSDEEP
12288:ArtKaHpzB2SEWeYnGT4y/WLU4oydN6IWZ+QU/+DeM6VQQSdRJBSW:I9KW3oeLiXKLqH
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-