General
Target: darksa.exe.exe
Size: 756KB
Sample: 241006-p3wrbaygqc
MD5: cd9998c9b47108f0bc723268bec42718
SHA1: e02d89685fe09166e5ad08abdba3458abf552124
SHA256: a12826ef8fd70cd03fa2b6385fe5d0d2b47f19fb559ee1958143278936da26c5
SHA512: a1ecaebb6bc5642ede6c992f22278f1a4fd887f4d2e4be57fee2d667fb618a01f126373c854e216afe42888aa74652aaeb6ffc0a2e27097729f9e434a74f797a
SSDEEP: 12288:W9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hvqMd0QZhp:yZ1xuVVjfFoynPaVBUR8f+kN10EB9D0+
Malware Config
Extracted
darkcomet
Guest16
onsj8tw.localto.net:4441
DC_MUTEX-CTUU0UZ
gencode: ThKqDywJU2x6
install: false
offline_keylogger: true
persistence: false
Targets
Target: darksa.exe.exe
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2