General
-
Target
c52d6bfcb18b48ce0976886fc1c60967
-
Size
930KB
-
Sample
240313-gzslgsef7y
-
MD5
c52d6bfcb18b48ce0976886fc1c60967
-
SHA1
da6575713f50dae6e3ea4fac5aaf0d983c351171
-
SHA256
6dbc41a48a41c991800d78eb2bd7231512830620880febda4a17e75c4f438a56
-
SHA512
dc764e1d42bf9a74b5ac14be8ba01c1dfcf013456b2d403bf0e3616a440a5f124fde0909f207eeb02de3ebdad5e65425fb7f86ac204c6e3090ceb8973a19e0e0
-
SSDEEP
24576:KZ1xuVVjfFoynPaVBUR8f+kN10EBxYAGrW:aQDgok30bAz
Malware Config
Extracted
darkcomet
Guest16
jesusiscool.no-ip.biz:1604
DC_MUTEX-2MFKDUD
-
gencode
hR4kwDNMtXyi
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
c52d6bfcb18b48ce0976886fc1c60967
-
Size
930KB
-
MD5
c52d6bfcb18b48ce0976886fc1c60967
-
SHA1
da6575713f50dae6e3ea4fac5aaf0d983c351171
-
SHA256
6dbc41a48a41c991800d78eb2bd7231512830620880febda4a17e75c4f438a56
-
SHA512
dc764e1d42bf9a74b5ac14be8ba01c1dfcf013456b2d403bf0e3616a440a5f124fde0909f207eeb02de3ebdad5e65425fb7f86ac204c6e3090ceb8973a19e0e0
-
SSDEEP
24576:KZ1xuVVjfFoynPaVBUR8f+kN10EBxYAGrW:aQDgok30bAz
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-