General
-
Target
f63c1df7ac182780fac26b82c05aad62276fd158251dd87011a28e6dcf4d0548
-
Size
663KB
-
Sample
221130-xrhpbaff42
-
MD5
c2798c04109f7be43d228125c6072f8f
-
SHA1
70e7824dda6e8cce581f547f82befd96cc3c1ba7
-
SHA256
f63c1df7ac182780fac26b82c05aad62276fd158251dd87011a28e6dcf4d0548
-
SHA512
c93b113fef673997900605c92753eae0a0ea5e0fb80b76e34815cdbb70e8eeb53378bf82aff30cbe9c723fce4e89d9c9c33311bc963f9d2bcd3d20c82652a5bb
-
SSDEEP
12288:gQd34HI7UadUd0bC6dV+oDXDpWzBkpjsmSXl3Hdh9LhazLhsbVxLkkRm:rcI7UaBbnaoDXtWz0smS59vd6LhsbXkP
Malware Config
Extracted
darkcomet
BITCOINMINERSKIDS
00g.no-ip.info:1604
DCMIN_MUTEX-YWZBJYG
-
gencode
3tR3gjYsyLko
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
f63c1df7ac182780fac26b82c05aad62276fd158251dd87011a28e6dcf4d0548
-
Size
663KB
-
MD5
c2798c04109f7be43d228125c6072f8f
-
SHA1
70e7824dda6e8cce581f547f82befd96cc3c1ba7
-
SHA256
f63c1df7ac182780fac26b82c05aad62276fd158251dd87011a28e6dcf4d0548
-
SHA512
c93b113fef673997900605c92753eae0a0ea5e0fb80b76e34815cdbb70e8eeb53378bf82aff30cbe9c723fce4e89d9c9c33311bc963f9d2bcd3d20c82652a5bb
-
SSDEEP
12288:gQd34HI7UadUd0bC6dV+oDXDpWzBkpjsmSXl3Hdh9LhazLhsbVxLkkRm:rcI7UaBbnaoDXtWz0smS59vd6LhsbXkP
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-