General
- Target: 3d97a312a0f2d17bed8a6a3b3a99ce180c152f8b64aab3831e1422b1a48a21bd
- Size: 543KB
- Sample: 221205-f9hnlaad25
- MD5: b0bb81732a8813bed15cf9f7feda32a5
- SHA1: 1bfc487ab68ea4a7605a6f131a4c34a05ce243e9
- SHA256: 3d97a312a0f2d17bed8a6a3b3a99ce180c152f8b64aab3831e1422b1a48a21bd
- SHA512: 87ee507db5738afb3fe823fe67beacd4b491ac729ccf209f8c5304d0e7fcba379c7481a5a3351c576b50cd8d229470effb137b03f506010d9c8793f9917e151a
- SSDEEP: 12288:Z2PJBCFVHHwSqtl5bo0T1CvdRNCnwpe+S8GyryDLK06kA8tiker:Z2hBCFV4lCpwXUyDLKBqiz
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 3d97a312a0f2d17bed8a6a3b3a99ce180c152f8b64aab3831e1422b1a48a21bd.exe
  - Resource: win7-20220812-en
Malware Config (extracted)
- Family: darkcomet
- Campaign ID: Guest16
- C2: benglasgow.no-ip.biz:200
- Mutex: DC_MUTEX-6GLRQGS
- gencode: v9f93Hgm4FY6
- install: false
- offline_keylogger: false
- persistence: false
Targets
- Target: 3d97a312a0f2d17bed8a6a3b3a99ce180c152f8b64aab3831e1422b1a48a21bd (543KB; same file and hashes as listed under General)
- Signatures observed:
  - Executes dropped EXE
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Loads dropped DLL
  - Suspicious use of SetThreadContext