General
-
Target
7295fb6d83809f897cbbb94ba220ff445f01063267173e8a6bf0a093dcf95b53
-
Size
1011KB
-
Sample
221202-tndpeagg5t
-
MD5
06b171dbe68bf6897373086b4409fc27
-
SHA1
fb5a53c340a3be2d64df7901f13413043e47c51e
-
SHA256
7295fb6d83809f897cbbb94ba220ff445f01063267173e8a6bf0a093dcf95b53
-
SHA512
3405b59d83cc107bd586831d4d7a21810451ff863e518cca9ae89402961925cd955c7e069de223496eab4187d29c8a4d6be9d4dd3c1f796d7fdeef7d8ef8569e
-
SSDEEP
12288:kMWzgMg7+3qnCiMErQohh0F4GCJ8lny5QLijfHVynJU7033tpLecyC1bPOZtD/FJ:RaHM+6Corjmny5QLQwLQwPwN/FHNz
Malware Config
Extracted
darkcomet
Guest16
lastpast.no-ip.org:1604
DC_MUTEX-WKZSQJJ
-
gencode
M0vRP9h57VxJ
-
install
false
-
offline_keylogger
true
-
password
nextone
-
persistence
false
Targets
-
-
Target
7295fb6d83809f897cbbb94ba220ff445f01063267173e8a6bf0a093dcf95b53
-
Size
1011KB
-
MD5
06b171dbe68bf6897373086b4409fc27
-
SHA1
fb5a53c340a3be2d64df7901f13413043e47c51e
-
SHA256
7295fb6d83809f897cbbb94ba220ff445f01063267173e8a6bf0a093dcf95b53
-
SHA512
3405b59d83cc107bd586831d4d7a21810451ff863e518cca9ae89402961925cd955c7e069de223496eab4187d29c8a4d6be9d4dd3c1f796d7fdeef7d8ef8569e
-
SSDEEP
12288:kMWzgMg7+3qnCiMErQohh0F4GCJ8lny5QLijfHVynJU7033tpLecyC1bPOZtD/FJ:RaHM+6Corjmny5QLQwLQwPwN/FHNz
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-