General
-
Target
97dde71e4e5a7bf54b2ca0381b5daf60df5ed8f70529c11c50475e316e1f8ecd
-
Size
1.1MB
-
Sample
221203-vcwarahb38
-
MD5
ac674190fce443fa79a572aa94f5c507
-
SHA1
26ff1ecffb8a5770c64b17c88771ad73c320c702
-
SHA256
97dde71e4e5a7bf54b2ca0381b5daf60df5ed8f70529c11c50475e316e1f8ecd
-
SHA512
ae1183f4c6092b5516eb966df7ff22c81c0cebb1930705d81e3f729e20e3857ece51d46da9bdc462dcb56cb29a0f3423aefb331d5b70c0e661b8284e07bb1dbb
-
SSDEEP
12288:Fuz5YhnUAQyjTeFiPgbFpfgjxFRpQqrfd0MzmUOLhnK2higmjQlQHeQ1ag4fobaE:mA7jTeFiIyjtxqLhnphigwQljAb
Static task
static1
Behavioral task
behavioral1
Sample
97dde71e4e5a7bf54b2ca0381b5daf60df5ed8f70529c11c50475e316e1f8ecd.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
97dde71e4e5a7bf54b2ca0381b5daf60df5ed8f70529c11c50475e316e1f8ecd.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
sss
ssss.ddns.net:1604
DC_MUTEX-KNS55JC
-
gencode
uArTCC80KXnu
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
97dde71e4e5a7bf54b2ca0381b5daf60df5ed8f70529c11c50475e316e1f8ecd
Score
10/10
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-