General
Target: fca47090b878fda8937de3c6621b7ceda0c640a7030a451b298862cca1d3b7ba.exe
Size: 964KB
Sample: 250212-lkwf2swlfw
MD5: 6de092b2e07561a8de02d0dadea6599c
SHA1: 620d5d728052e52b7b8efa18a56a07defb503e03
SHA256: fca47090b878fda8937de3c6621b7ceda0c640a7030a451b298862cca1d3b7ba
SHA512: 0cc1bd46b60971b7f333d194aebf3ce754eb63ead683883a2f09d2f2e84b94237e689a2db5ad03298d5411436196065246da32da86763658345a8fa26d8cc877
SSDEEP: 24576:EUn1IgB1wd4EaaR9u68GGUEtUMefQMmNohkV:FIQEaaRM68MMPOh0
Static task: static1
Behavioral task: behavioral1
  Sample: fca47090b878fda8937de3c6621b7ceda0c640a7030a451b298862cca1d3b7ba.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: fca47090b878fda8937de3c6621b7ceda0c640a7030a451b298862cca1d3b7ba.exe
  Resource: win10v2004-20250207-en
Malware Config
Extracted family: darkcomet
Campaign ID: ABOVE
C2: 178.175.138.238:3900
Mutex: DC_MUTEX-NL7A6PY
gencode: TyA5CrZCBJR3
install: false
offline_keylogger: true
persistence: false
Targets
Target: fca47090b878fda8937de3c6621b7ceda0c640a7030a451b298862cca1d3b7ba.exe (964KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Darkcomet family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation (1): Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)