General
-
Target
aefcc4fbfe2edc7cc7992085ee0ef500cd6def9b66e5f668d4dfc03ae06f49c1
-
Size
1.1MB
-
Sample
240420-xxzvsaff97
-
MD5
49fc97af2d9c6cae7e412ae548e7edd8
-
SHA1
f6c969bcab3ae6ab2116708ab002828e7482c5f7
-
SHA256
aefcc4fbfe2edc7cc7992085ee0ef500cd6def9b66e5f668d4dfc03ae06f49c1
-
SHA512
a7f151c9adae93329d14ccff453b13de250f5978cc28e8a1f78ad74469a0d12951c837604d11f24ff9268d1548fc63ae3e69b6eadf2ac9870ad6bad0ea2ee49a
-
SSDEEP
24576:RBkVdlYACfZQ+aS2HnJV54K0q6tHXsk+vZmE:/svCfj/wV5GtHBcx
Malware Config
Extracted
darkcomet
Guest16
5.tcp.eu.ngrok.io:13559
DC_MUTEX-RYGWV09
-
gencode
iM649R849fl9
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
aefcc4fbfe2edc7cc7992085ee0ef500cd6def9b66e5f668d4dfc03ae06f49c1
-
Size
1.1MB
-
MD5
49fc97af2d9c6cae7e412ae548e7edd8
-
SHA1
f6c969bcab3ae6ab2116708ab002828e7482c5f7
-
SHA256
aefcc4fbfe2edc7cc7992085ee0ef500cd6def9b66e5f668d4dfc03ae06f49c1
-
SHA512
a7f151c9adae93329d14ccff453b13de250f5978cc28e8a1f78ad74469a0d12951c837604d11f24ff9268d1548fc63ae3e69b6eadf2ac9870ad6bad0ea2ee49a
-
SSDEEP
24576:RBkVdlYACfZQ+aS2HnJV54K0q6tHXsk+vZmE:/svCfj/wV5GtHBcx
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-