General
- Target: PowerCraft_v3-4-9_mc1-2-5.rar
- Size: 1.9MB
- Sample: 241228-eflmqawkdk
- MD5: 2c3c6100a95eb6dbfba54ce63c30b9fc
- SHA1: acec17dfee5e2193942068acc2b55eddc737cdcf
- SHA256: 124cf9ec93d72d5556c51c6c803bc42f05ece6bf4577bbf7b487070faaf9b96f
- SHA512: ec9df88865196738ee1e14f5fea241cfc75eebcb00421f2dcd1d9d418726824ac8b742fa87351f4994adb6328c6578a60ae4ffb2c211ea4b6fb1d6bc2d588c03
- SSDEEP: 49152:hSomRTwxnLFwt5U4cb4hwPpB7fuXxHKePdyDUzQ:o/kxnLFqU41hwhBfXeP81
Static task: static1
Behavioral task: behavioral1
Sample: Mod installer.exe
Resource: win7-20241023-en
Malware Config
Extracted
darkcomet
- gencode:
- install: false
- offline_keylogger: false
- persistence: false
Extracted
darkcomet
AlphaDelta
hakes.zapto.org:1337
DC_MUTEX-YECBH52
- gencode: dv9GrE2HB27o
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: Mod installer.exe
- Size: 772KB
- MD5: 0962d31ce2c0b1e367785bb0dd7fa51f
- SHA1: babfd019f4b6acb0fe4961f65436ce104b1ba3c6
- SHA256: 6b1eb6a3f71c127fab04aa1e5c0ca7b15c8f2bcb4613ed1b3d1da1e622fb470e
- SHA512: c72a179986157d32f58c756efd00474a9dbdbeca7779456b1f08eb34905a51ad88d697343b01e64ee8e31a5d37eef6e98871da94432e06f8e9b25fd23ff0e611
- SSDEEP: 24576:vchr3REB8H+KvAdUJAfwPuYd+V6bPewJwg:vYT+w+KvAdUJAfwPuYd+V6bPewJwg
- Darkcomet family
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext