General
-
Target
FluxusBootstrapper.exe
-
Size
4.6MB
-
Sample
241007-yhndwascjm
-
MD5
b8c174bbfa909866f62c893c3f65afc5
-
SHA1
24796144ea60b63fbc9d63848218d1bc52156033
-
SHA256
d2e7f27c190bcc4b309ea4d757e5944fc0f308b5088cdb8a6e602a3ec4039ff9
-
SHA512
3cd89494b3a74e05b27d605490f9b276df5fbcb9c261505af6fed21f524312b56ec8876531ea2aa3741fef9c1496cdccc3c7f7a250acef12da998ecbdfb77cee
-
SSDEEP
98304:hfSy5QuGC8yT1C/OZv1wND7QzE2xa7fAqFkk9pgI5CyEsY0K+zsXBuGbAT7T7k2n:F9t8oyOZt6DsE2xa7fzdWqN7NK+gRujZ
Malware Config
Extracted
darkcomet
Sazan
iznnawt.localto.net:7786
DC_MUTEX-HNEM7EN
-
gencode
EjyhvgEc3y6V
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
FluxusBootstrapper.exe
-
Size
4.6MB
-
MD5
b8c174bbfa909866f62c893c3f65afc5
-
SHA1
24796144ea60b63fbc9d63848218d1bc52156033
-
SHA256
d2e7f27c190bcc4b309ea4d757e5944fc0f308b5088cdb8a6e602a3ec4039ff9
-
SHA512
3cd89494b3a74e05b27d605490f9b276df5fbcb9c261505af6fed21f524312b56ec8876531ea2aa3741fef9c1496cdccc3c7f7a250acef12da998ecbdfb77cee
-
SSDEEP
98304:hfSy5QuGC8yT1C/OZv1wND7QzE2xa7fAqFkk9pgI5CyEsY0K+zsXBuGbAT7T7k2n:F9t8oyOZt6DsE2xa7fzdWqN7NK+gRujZ
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Disables Task Manager via registry modification
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-