General
-
Target
e5f96056aa781048ddfb7ef246991250a9289f34e44be70c231a85e58a20cb9aN
-
Size
777KB
-
Sample
241019-helg4svbjn
-
MD5
3eeb8e87fefe34019a257caf84cd83b0
-
SHA1
3cd19f9327b3bd84998fbf3e92e5e2105974c372
-
SHA256
e5f96056aa781048ddfb7ef246991250a9289f34e44be70c231a85e58a20cb9a
-
SHA512
4754a1cbf3e0428322f5fdb4b2bdc1ab6d065ca4a5b0759317a5c2ddcfd4be4bc6247e8b5cb9708663878c064dbeb5c79194a7095f4d0aa5dd266500b8c4f4e5
-
SSDEEP
12288:wB6Lx8ckslStluh/g60Mi6ItMKp67/m5EZ2anOZnjWnpw2KtW31j6a9G8MoF:wcxLleM/g60MpItvQ7Oq0aOcL31dCw
Malware Config
Extracted
darkcomet
Slave
jamesk420.no-ip.org:6112
DC_MUTEX-GJK1WGW
-
gencode
KvCzs6f0BLdd
-
install
false
-
offline_keylogger
true
-
password
12345
-
persistence
false
Targets
-
-
Target
e5f96056aa781048ddfb7ef246991250a9289f34e44be70c231a85e58a20cb9aN
-
Size
777KB
-
MD5
3eeb8e87fefe34019a257caf84cd83b0
-
SHA1
3cd19f9327b3bd84998fbf3e92e5e2105974c372
-
SHA256
e5f96056aa781048ddfb7ef246991250a9289f34e44be70c231a85e58a20cb9a
-
SHA512
4754a1cbf3e0428322f5fdb4b2bdc1ab6d065ca4a5b0759317a5c2ddcfd4be4bc6247e8b5cb9708663878c064dbeb5c79194a7095f4d0aa5dd266500b8c4f4e5
-
SSDEEP
12288:wB6Lx8ckslStluh/g60Mi6ItMKp67/m5EZ2anOZnjWnpw2KtW31j6a9G8MoF:wcxLleM/g60MpItvQ7Oq0aOcL31dCw
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Disables RegEdit via registry modification
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-