General
-
Target
5e7599beee5b23858e1339c802a2b42e
-
Size
272KB
-
Sample
240116-aj15cshdfj
-
MD5
5e7599beee5b23858e1339c802a2b42e
-
SHA1
6f1f1f6d8c15582ae44d9312c07bcf771e63983b
-
SHA256
63cbb50418ff9617182869680dd65862f27eba39adf6b4405ff8449f5973c37d
-
SHA512
8c52a4ae02dc889aa178fcd89c0af2b61ef9bb389330b4338c2759424298480835540d523caf5a573cd50f60896d2f771861128320fad434677efaf5a2213332
-
SSDEEP
6144:stN2PXzg+qNDf24M4IlzR7eSSpYBRKL0LNxVIBqW/p:st40THI5RaRp9QZxOBq
Malware Config
Extracted
darkcomet
Sazan
2.tcp.ngrok.io:11956
DC_MUTEX-9YWB9EB
-
gencode
svYKFqnCzhWk
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
5e7599beee5b23858e1339c802a2b42e
-
Size
272KB
-
MD5
5e7599beee5b23858e1339c802a2b42e
-
SHA1
6f1f1f6d8c15582ae44d9312c07bcf771e63983b
-
SHA256
63cbb50418ff9617182869680dd65862f27eba39adf6b4405ff8449f5973c37d
-
SHA512
8c52a4ae02dc889aa178fcd89c0af2b61ef9bb389330b4338c2759424298480835540d523caf5a573cd50f60896d2f771861128320fad434677efaf5a2213332
-
SSDEEP
6144:stN2PXzg+qNDf24M4IlzR7eSSpYBRKL0LNxVIBqW/p:st40THI5RaRp9QZxOBq
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-