General
-
Target
4123a31a7bc25e6a62bc2a0b63a09f123c8e357bdfd5c4e7f183e7f010149f5f
-
Size
772KB
-
Sample
221203-cy2esafh69
-
MD5
68e8582308a2f05401ef6d076facd012
-
SHA1
2b2c9ed47453a7b8ef988da3d74af01e6d4340e6
-
SHA256
4123a31a7bc25e6a62bc2a0b63a09f123c8e357bdfd5c4e7f183e7f010149f5f
-
SHA512
14bd663c9c9ee8f4ac12774a14fd7a33108cf1fe7fed7afc8730719585e00521c4b12f03c5aba993f0ce98b6532794163b69c5a8bed84f71965c2d3f6e4fdcbc
-
SSDEEP
12288:7CuQHZyt8xPBhU2BNt1tBPOVsoaDWal2fdFP/Jh+xD6ikf:7CBxZjBl2DaOfTnbYW5f
Malware Config
Extracted
darkcomet
giriamo
178.239.178.177:200
DC_MUTEX-MBX97KS
-
gencode
RTdAVRUtBLYH
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
4123a31a7bc25e6a62bc2a0b63a09f123c8e357bdfd5c4e7f183e7f010149f5f
-
Size
772KB
-
MD5
68e8582308a2f05401ef6d076facd012
-
SHA1
2b2c9ed47453a7b8ef988da3d74af01e6d4340e6
-
SHA256
4123a31a7bc25e6a62bc2a0b63a09f123c8e357bdfd5c4e7f183e7f010149f5f
-
SHA512
14bd663c9c9ee8f4ac12774a14fd7a33108cf1fe7fed7afc8730719585e00521c4b12f03c5aba993f0ce98b6532794163b69c5a8bed84f71965c2d3f6e4fdcbc
-
SSDEEP
12288:7CuQHZyt8xPBhU2BNt1tBPOVsoaDWal2fdFP/Jh+xD6ikf:7CBxZjBl2DaOfTnbYW5f
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-