General
-
Target
91ed988a44af275b7d49d8542494a448fec80cb3d31bb05a78b3994158e44323
-
Size
1.4MB
-
Sample
221202-148ytahh22
-
MD5
ce11858d4c29894d66a3e125d2ab60d6
-
SHA1
c4685c4e59290f6402437812887819ec736e1cf8
-
SHA256
91ed988a44af275b7d49d8542494a448fec80cb3d31bb05a78b3994158e44323
-
SHA512
d8245539cae562a12c6910a67546f03be6f40e3d4c1b33f8e935eacad33d39ff7635c9ef8a041ba9aa451756ddb0c00880b1195cc626e900bb1c3fb7d9ecebaa
-
SSDEEP
24576:fthEVaPqLTx3gMjfkJ9qPRZJydg2kIBIfOkbMHUBosmN:jEVUcTZg8s3sZJIgqBIfOqM01mN
Malware Config
Extracted
darkcomet
punjul20
wra.sytes.net:5150
DC_MUTEX-72CRM4X
-
gencode
cjY2mWhsp2tD
-
install
false
-
offline_keylogger
true
-
password
wra
-
persistence
false
Targets
-
-
Target
91ed988a44af275b7d49d8542494a448fec80cb3d31bb05a78b3994158e44323
-
Size
1.4MB
-
MD5
ce11858d4c29894d66a3e125d2ab60d6
-
SHA1
c4685c4e59290f6402437812887819ec736e1cf8
-
SHA256
91ed988a44af275b7d49d8542494a448fec80cb3d31bb05a78b3994158e44323
-
SHA512
d8245539cae562a12c6910a67546f03be6f40e3d4c1b33f8e935eacad33d39ff7635c9ef8a041ba9aa451756ddb0c00880b1195cc626e900bb1c3fb7d9ecebaa
-
SSDEEP
24576:fthEVaPqLTx3gMjfkJ9qPRZJydg2kIBIfOkbMHUBosmN:jEVUcTZg8s3sZJIgqBIfOqM01mN
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-