General
-
Target
93c73d20cc1496e1b5f1279faab47737d7239abd657d045aceefe50cc2110224
-
Size
1.2MB
-
Sample
221201-ax5dyahe29
-
MD5
4ff9fd4cc7578f99ae0009d289058299
-
SHA1
780eb1b18937af9f119b21fe96054a94f9634608
-
SHA256
93c73d20cc1496e1b5f1279faab47737d7239abd657d045aceefe50cc2110224
-
SHA512
78dcef0301cab8f7c71fae85dab4485adea05e144a515ee6dcdf98aaff8fd65dd0e178d6d2ca45e85ae97fc0a1741ed13184caa4d7afb5be86f2611e69f5e346
-
SSDEEP
24576:wQOK4AtPhapwzHXddGXoVOYzA7uN3OrdvNBjCq:wQnaerX3go1zjN3OZFBjCq
Malware Config
Extracted
darkcomet
Guest16
justinisgey.no-ip.org:1604
DC_MUTEX-F54S21D
-
gencode
mtbCGnpKBufi
-
install
false
-
offline_keylogger
true
-
password
024098
-
persistence
false
Targets
-
-
Target
93c73d20cc1496e1b5f1279faab47737d7239abd657d045aceefe50cc2110224
-
Size
1.2MB
-
MD5
4ff9fd4cc7578f99ae0009d289058299
-
SHA1
780eb1b18937af9f119b21fe96054a94f9634608
-
SHA256
93c73d20cc1496e1b5f1279faab47737d7239abd657d045aceefe50cc2110224
-
SHA512
78dcef0301cab8f7c71fae85dab4485adea05e144a515ee6dcdf98aaff8fd65dd0e178d6d2ca45e85ae97fc0a1741ed13184caa4d7afb5be86f2611e69f5e346
-
SSDEEP
24576:wQOK4AtPhapwzHXddGXoVOYzA7uN3OrdvNBjCq:wQnaerX3go1zjN3OZFBjCq
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-