General
-
Target
b0c0b4a1913c57d54e3c06ba148838f3
-
Size
302KB
-
Sample
240304-al5kkacd8v
-
MD5
b0c0b4a1913c57d54e3c06ba148838f3
-
SHA1
778e7cab50fbea1e9cd011d57af6fd879ecfee13
-
SHA256
18dbc083f5602407dfe76b2d2649895ccd786af4a3068506d54463b3faaa15e0
-
SHA512
91c59bf0084b44313338bce55aa7a24532eb4c697e6696712880e32f54652a4d99cd8b15364e9c7a5ba5834b9631460a2c12eaaa8e680d85736b4fbbf6a0aaac
-
SSDEEP
6144:kMmdZk09v+8MGSl9P/75ggARi+UF5SGUc7lGZpeBBi8dPIJGeZwIY3s9KTUcEMsg:kMJ09v+8sLPf0oDUcphIPqjqqxJSs
Static task
static1
Behavioral task
behavioral1
Sample
b0c0b4a1913c57d54e3c06ba148838f3.exe
Resource
win7-20240221-en
Malware Config
Extracted
darkcomet
Test
runescapeman500.no-ip.org:123
DC_MUTEX-3RZSAWA
-
gencode
QHQQNJbtSqQQ
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-