General
Target: e9a82d7eff5ae9f706f533fa22f75851aeced4de007e9aaa4c33a72feb98683a
Size: 806KB
Sample: 221201-l1czmsbf7t
MD5: 5f4783d9a6685b285c181610d4de7680
SHA1: 5ca336c61c75a03e451d30ad8e4b4f428e97bd70
SHA256: e9a82d7eff5ae9f706f533fa22f75851aeced4de007e9aaa4c33a72feb98683a
SHA512: ee948a3963199989986e66de73f3fc7bcaf982c682b327c59e894a252cc32ff81da27765b6049ed6a684a9744a332619d58c2f292a8b2509abe81ce3ef86f455
SSDEEP: 24576:/CtldIoIz4btM/lRT+CwzgEVBAeOQKNKKKKKKKKKKKKKKKKKuKKKKKeKKKKK6:/Ctzbk4bi2XzxBAeOQKNKKKKKKKKKKKr
Static task: static1
Behavioral task: behavioral1
Sample: e9a82d7eff5ae9f706f533fa22f75851aeced4de007e9aaa4c33a72feb98683a.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: e9a82d7eff5ae9f706f533fa22f75851aeced4de007e9aaa4c33a72feb98683a.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: darkcomet
Botnet (campaign ID): Greatz
C2: blad3.no-ip.biz:2505
Mutex: DC_MUTEX-6WACMVV
gencode: Nr7658fF3Cdk
install: false
offline_keylogger: true
persistence: false
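The extracted block above is what a config extractor recovers from the binary. The following is an added example, not code from the sandbox or from the sample, showing how such a DarkComet configuration is decoded: the RAT stores its settings as an RC4-encrypted, hex-encoded blob that decrypts to KEY={VALUE} lines (NETDATA for the C2, MUTEX, SID for the campaign ID, GENCODE, and the INSTALL/PERSINST/OFFLINEK flags). The version-specific key prefixes and field names are taken from public DarkComet analyses and are assumptions here; the encrypted input is constructed from the report's own values, not the sample's real resource.

```python
"""Decode a DarkComet-style config blob into the fields shown in the report.

Added example. Assumes the documented DarkComet layout (RC4 + hex, KEY={VALUE}
lines); key prefixes and field names are from public analyses, not this page.
"""
from typing import Dict, List, Optional

# Version-specific RC4 key prefixes (assumed); the builder password, often
# empty, is appended to the prefix to form the full key.
KNOWN_KEY_PREFIXES: List[bytes] = [
    b"#KCMDDC51#-890",   # DarkComet 5.1
    b"#KCMDDC5#-890",    # DarkComet 5.0
    b"#KCMDDC42F#-890",  # DarkComet 4.2F
    b"#KCMDDC4#-890",    # DarkComet 4.x
]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encrypting and decrypting are the same call."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_config_text(text: str) -> Dict[str, str]:
    """Split 'KEY={VALUE}' lines into a dict; header/footer lines are skipped."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if "={" in line and line.endswith("}"):
            key, value = line.split("={", 1)
            cfg[key] = value[:-1]
    return cfg


def decode_config(hex_blob: str, password: bytes = b"") -> Optional[Dict[str, str]]:
    """Try each known key; return the first decryption that parses as a config."""
    ciphertext = bytes.fromhex(hex_blob.strip())
    for prefix in KNOWN_KEY_PREFIXES:
        plain = rc4(prefix + password, ciphertext)
        try:
            text = plain.decode("ascii")
        except UnicodeDecodeError:
            continue  # wrong key: RC4 output is effectively random bytes
        cfg = parse_config_text(text)
        if "MUTEX" in cfg and "NETDATA" in cfg:
            return cfg
    return None


def to_report_fields(cfg: Dict[str, str]) -> dict:
    """Map raw config keys onto the field names used in the report above.
    NETDATA may hold several host:port entries separated by '|'."""
    c2 = [entry for entry in cfg.get("NETDATA", "").split("|") if entry]
    return {
        "botnet": cfg.get("SID", ""),
        "c2": c2,
        "mutex": cfg.get("MUTEX", ""),
        "gencode": cfg.get("GENCODE", ""),
        "install": cfg.get("INSTALL") == "1",
        "persistence": cfg.get("PERSINST") == "1",
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
    }


def build_sample_blob() -> str:
    """Constructed input: the report's values re-encrypted with the 5.1 key.
    This is NOT the sample's real resource; it only exercises the decoder."""
    plaintext = (
        "#BEGIN DARKCOMET DATA --\r\n"
        "MUTEX={DC_MUTEX-6WACMVV}\r\n"
        "SID={Greatz}\r\n"
        "NETDATA={blad3.no-ip.biz:2505}\r\n"
        "GENCODE={Nr7658fF3Cdk}\r\n"
        "INSTALL={0}\r\n"
        "PERSINST={0}\r\n"
        "OFFLINEK={1}\r\n"
        "#EOF DARKCOMET DATA --\r\n"
    ).encode("ascii")
    return rc4(KNOWN_KEY_PREFIXES[0], plaintext).hex().upper()


if __name__ == "__main__":
    decoded = decode_config(build_sample_blob())
    for name, value in to_report_fields(decoded).items():
        print(f"{name}: {value}")
```

In practice the hex blob is read out of the binary's resource section (DarkComet keeps it under a resource named DCDATA, an assumption from public analyses) rather than built in code; the key-trial loop matters because the version is rarely known up front, and a non-empty builder password must be supplied via the password argument or the loop finds nothing.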
Targets
Target: e9a82d7eff5ae9f706f533fa22f75851aeced4de007e9aaa4c33a72feb98683a
Size: 806KB
MD5: 5f4783d9a6685b285c181610d4de7680
SHA1: 5ca336c61c75a03e451d30ad8e4b4f428e97bd70
SHA256: e9a82d7eff5ae9f706f533fa22f75851aeced4de007e9aaa4c33a72feb98683a
SHA512: ee948a3963199989986e66de73f3fc7bcaf982c682b327c59e894a252cc32ff81da27765b6049ed6a684a9744a332619d58c2f292a8b2509abe81ce3ef86f455
SSDEEP: 24576:/CtldIoIz4btM/lRT+CwzgEVBAeOQKNKKKKKKKKKKKKKKKKKuKKKKKeKKKKK6:/Ctzbk4bi2XzxBAeOQKNKKKKKKKKKKKr
Score: 10/10
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Adds Run key to start application. Note that the extracted config sets install and persistence to false, so this Run key write should be confirmed against the process tree rather than attributed to DarkComet's own installer routine.
Suspicious use of SetThreadContext: commonly seen when a payload is written into a suspended process and its thread context is redirected to the injected code (process hollowing), so the running RAT may live in a process other than the dropped .exe.