General
-
Target
98220537abdcac01164bca5bbfaaf666a4a6e2b6b1c800f4e0c7dcafebf480bd
-
Size
2.2MB
-
Sample
221202-s1224abb45
-
MD5
39d4cbc86f45b0efedc6f01881412e73
-
SHA1
a8d339b3f8d798160f71ee88e36b2a6efa76dded
-
SHA256
98220537abdcac01164bca5bbfaaf666a4a6e2b6b1c800f4e0c7dcafebf480bd
-
SHA512
333711526622d8e5f02c95a8587bd29e4900757566d9f040ec5f14292640a0c6edead0e933d42ced60c7f0b1ae131cecb06ac206d29d52f4983e40ebecf3b5ce
-
SSDEEP
49152:N1vqjd/QNzVG3W34pd9S7TWFrSLRRJN3TCt/RsbMBBdtt:N1vqjV344zeK5SLhRTCtkM5
Malware Config
Extracted
darkcomet
teste
hack256.no-ip.biz:1604
DC_MUTEX-CT50HLM
-
gencode
U7iklaRPqE51
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
98220537abdcac01164bca5bbfaaf666a4a6e2b6b1c800f4e0c7dcafebf480bd
-
Size
2.2MB
-
MD5
39d4cbc86f45b0efedc6f01881412e73
-
SHA1
a8d339b3f8d798160f71ee88e36b2a6efa76dded
-
SHA256
98220537abdcac01164bca5bbfaaf666a4a6e2b6b1c800f4e0c7dcafebf480bd
-
SHA512
333711526622d8e5f02c95a8587bd29e4900757566d9f040ec5f14292640a0c6edead0e933d42ced60c7f0b1ae131cecb06ac206d29d52f4983e40ebecf3b5ce
-
SSDEEP
49152:N1vqjd/QNzVG3W34pd9S7TWFrSLRRJN3TCt/RsbMBBdtt:N1vqjV344zeK5SLhRTCtkM5
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-