General
-
Target
c2fd694263b65228c8bcf5ac855a2e90_NeikiAnalytics.exe
-
Size
704KB
-
Sample
240517-hcxglaeb65
-
MD5
c2fd694263b65228c8bcf5ac855a2e90
-
SHA1
b9ac2e00f69872acad92d42ed15bb76e63ba38a5
-
SHA256
9326464f19bda14ced7ac0a829c5d693bd4314b1bdb27f34f3016bdd28c743f0
-
SHA512
99c9e368c134cf33fc0f0642e769d126a1974ab05a46eced88ea312db00a492c8fcd965688706a50e6b855f2fb0777d2806b71f42c30121ea1b55da0cee10799
-
SSDEEP
12288:llLLf1Fw54KOO+6phWQnZMl6SxnvhAbEGpgEJ79zdkm/5DnObM+Fx95AR:XLL84K9+EJMl6SxnJAPpgcVKm/5DnObk
Static task
static1
Behavioral task
behavioral1
Sample
c2fd694263b65228c8bcf5ac855a2e90_NeikiAnalytics.exe
Resource
win7-20240419-en
Malware Config
Extracted
darkcomet
1339
silentdark.no-ip.biz:1339
DC_MUTEX-HVRJ66V
-
gencode
jhRFT61CcBh7
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
c2fd694263b65228c8bcf5ac855a2e90_NeikiAnalytics.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-