General
-
Target
76403cb6bdbe8026323f0c035185b8da65f9326eb05b3095c5cdb6399e35b9b0
-
Size
720KB
-
Sample
221201-hk8jtsha4x
-
MD5
3d65fef39d9a62779c83e5201d8199fb
-
SHA1
dcebbb7eb9e1165ade8c2b86622d878da99d7822
-
SHA256
76403cb6bdbe8026323f0c035185b8da65f9326eb05b3095c5cdb6399e35b9b0
-
SHA512
63dc1c2330345c29b5f225f94b533398ed293204e1ff836806a79fc27325eb1e0940be445027e4f3af3a93a56d1000f4ede7c52e4c22a230a652574cbac228f2
-
SSDEEP
12288:VPIgdjGu7ST5GhhouT3BK+QLpBUx7MXSLqny3hXd2RuSc1w929FE:VPXdjGu7STCQNpwwiLqnyRtuY7v
Malware Config
Extracted
darkcomet
Main
proxydude1.no-ip.biz:1604
DCMIN_MUTEX-FJVBHU6
-
gencode
MW7w2GyxBua5
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
76403cb6bdbe8026323f0c035185b8da65f9326eb05b3095c5cdb6399e35b9b0
-
Size
720KB
-
MD5
3d65fef39d9a62779c83e5201d8199fb
-
SHA1
dcebbb7eb9e1165ade8c2b86622d878da99d7822
-
SHA256
76403cb6bdbe8026323f0c035185b8da65f9326eb05b3095c5cdb6399e35b9b0
-
SHA512
63dc1c2330345c29b5f225f94b533398ed293204e1ff836806a79fc27325eb1e0940be445027e4f3af3a93a56d1000f4ede7c52e4c22a230a652574cbac228f2
-
SSDEEP
12288:VPIgdjGu7ST5GhhouT3BK+QLpBUx7MXSLqny3hXd2RuSc1w929FE:VPXdjGu7STCQNpwwiLqnyRtuY7v
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-