General
-
Target
6d4166ae6ee8d6ec5af09d73d256bd83
-
Size
278KB
-
Sample
240121-n5zejsccgp
-
MD5
6d4166ae6ee8d6ec5af09d73d256bd83
-
SHA1
8392c338cbaa7fe0787eef96bbca84c483e50d33
-
SHA256
10f2e75aeb164c1771cf3392cecdb50f0e5d22331654075a88bc691eb0602ce5
-
SHA512
a789f6a2fc9227f483e11adae0c69e3d2216911524dfc02a7a74e9a236edb25bbb468c3d9280f828333fab11f3f295c1498597ead61da225455b62590e89f8d4
-
SSDEEP
6144:r5C4JCWTWFjtT2VUnw/6knPrCVsoSortxBFzNKNzKz/:r5UWTWEURGjCaoSortVgQz
Malware Config
Extracted
darkcomet
Sazan
2.tcp.ngrok.io:11956
DC_MUTEX-9YWB9EB
-
gencode
svYKFqnCzhWk
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
6d4166ae6ee8d6ec5af09d73d256bd83
-
Size
278KB
-
MD5
6d4166ae6ee8d6ec5af09d73d256bd83
-
SHA1
8392c338cbaa7fe0787eef96bbca84c483e50d33
-
SHA256
10f2e75aeb164c1771cf3392cecdb50f0e5d22331654075a88bc691eb0602ce5
-
SHA512
a789f6a2fc9227f483e11adae0c69e3d2216911524dfc02a7a74e9a236edb25bbb468c3d9280f828333fab11f3f295c1498597ead61da225455b62590e89f8d4
-
SSDEEP
6144:r5C4JCWTWFjtT2VUnw/6knPrCVsoSortxBFzNKNzKz/:r5UWTWEURGjCaoSortVgQz
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-